Unrated severityNVD Advisory· Published Feb 12, 2026· Updated Feb 12, 2026

ClipBucket v5 enables internal network scans via an SSRF vulnerability

CVE-2026-26005

Description

ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #45, in Clip Bucket V5, The Remote Play allows creating video entries that reference external video URLs without uploading the video files to the server. However, by specifying an internal network host in the video URL, an SSRF can be triggered, causing GET requests to be sent to internal servers. An attacker can exploit this to scan the internal network. Even a regular (non-privileged) user can carry out the attack.

Affected products

Macwarrior/Clipbucket V5v5
Range: < 5.5.3 - #45

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/MacWarrior/clipbucket-v5/commit/a9e0f2322fb37501dfd4f44079fc7826a132503amitrex_refsource_MISC
github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-69xj-2pq3-5r4vmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000