PT-2026-22379 · Unknown · Clipbucket

Sy460129 · Published 2026-02-27 · Updated 2026-02-28 · CVE-2026-28354

CVSS v4.0

7.1 High

Vector

AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

ClipBucket versions prior to 5.5.3

Description

ClipBucket is an open source video sharing platform. Prior to version 5.5.3 #59, collection item operations are susceptible to authorization flaws. Authenticated users can modify collection items belonging to other users. This is due to missing authorization checks when adding items via the /actions/add_to_collection.php endpoint and a broken ownership check in the removeItemFromCollection() function during item deletion via the /manage_collections.php?mode=manage_items... endpoint. Attackers can insert and remove items from collections they do not own.

Recommendations

Update to version 5.5.3 #59 or later.

Exploit

Fix

IDOR

Incorrect Authorization

Weakness Enumeration

Related Identifiers

CVE-2026-28354
GHSA-6WF8-RW5F-C9MV

Affected Products

Clipbucket