PT-2026-7902 · Unknown · Clipbucket
Takumi142857 · Published 2026-02-12 · Updated 2026-02-18 · CVE-2026-26005
CVSS v3.1: 5.0 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
ClipBucket versions prior to 5.5.3
Description
ClipBucket is a video sharing platform. A Server-Side Request Forgery (SSRF) can be triggered through the Remote Play feature, which allows creating video entries referencing external video URLs. By specifying an internal network host in the video URL, an attacker can cause the application to send GET requests to internal servers, potentially enabling internal network scanning. This can be exploited even by regular, non-privileged users. The vulnerable functionality involves referencing external video URLs without uploading the video files to the server.
Recommendations
Update to version 5.5.3 or later.
Affected Products
Clipbucket