ClipBucket v5 enables internal network scans via an SSRF vulnerability

5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Description

ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #45, in Clip Bucket V5, The Remote Play allows creating video entries that reference external video URLs without uploading the video files to the server. However, by specifying an internal network host in the video URL, an SSRF can be triggered, causing GET requests to be sent to internal servers. An attacker can exploit this to scan the internal network. Even a regular (non-privileged) user can carry out the attack.

Basic Information

ID CVE-2026-26005

Source GitHub_M

Published Feb 12, 2026 at 20:34

Affected Product

Vendor MacWarrior

Product clipbucket-v5

Version < 5.5.3 - #45

Affected Versions MacWarrior clipbucket-v5 < 5.5.3 - #45

CWE Classification

CWE-918

References

{
    "lastseen": "",
    "description": "ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #45, in Clip Bucket V5, The Remote Play allows creating video entries that reference external video URLs without uploading the video files to the server. However, by specifying an internal network host in the video URL, an SSRF can be triggered, causing GET requests to be sent to internal servers. An attacker can exploit this to scan the internal network. Even a regular (non-privileged) user can carry out the attack.",
    "published": "2026-02-12T20:34:01.275Z",
    "modified": "2026-02-12T20:34:01.275Z",
    "type": "cve",
    "title": "ClipBucket v5 enables internal network scans via an SSRF vulnerability",
    "source": "GitHub_M",
    "references": "https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-69xj-2pq3-5r4v\nhttps://github.com/MacWarrior/clipbucket-v5/commit/a9e0f2322fb37501dfd4f44079fc7826a132503a",
    "id": "CVE-2026-26005",
    "bulletinFamily": "",
    "cwe": [
        "CWE-918"
    ],
    "cvelist": null,
    "sourceData": "MacWarrior clipbucket-v5 < 5.5.3 - #45",
    "sourceHref": "",
    "cvss": {
        "score": 5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "clipbucket-v5",
    "version": "< 5.5.3 - #45",
    "vendor": "MacWarrior",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

ClipBucket v5 enables internal network scans via an SSRF vulnerability_CVE-2026-26005