Unrated severityNVD Advisory· Published Mar 18, 2026· Updated Mar 19, 2026

ClipBucket v5 has time-based Blind SQL Injection in ajax.php that leads to Data Exfiltration

CVE-2026-32321

Description

ClipBucket v5 is an open source video sharing platform. An authenticated time-based blind SQL injection vulnerability exists in ClipBucket prior to 5.5.3 #80 within the actions/ajax.php endpoint. Due to insufficient input sanitization of the userid parameter, an authenticated attacker can execute arbitrary SQL queries, leading to full database disclosure and potential administrative account takeover. Version 5.5.3 #80 fixes the issue.

Affected products

Macwarrior/Clipbucket V5v5
Range: < 5.5.3 - #80

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/MacWarrior/clipbucket-v5/commit/726d68b0c9d4c702dce2691c2759b6bf84a1691fmitrex_refsource_MISC
github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-2757-6cp4-v7xxmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000