CVE-2026-26997

LOW EPSS 10.0%
Published Feb 27, 20264mo ago · Modified Mar 3, 20263mo ago
2.0 CVSS 4.0
Low
Find Similar
Published Feb 27, 2026 4mo ago
Last Modified Mar 3, 2026 3mo ago

Description

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, a normal authenticated user can store the XSS payload. The payload is triggered by administrator. Version 5.5.3 #59 fixes the issue.

CVSS Details

Base Score
2.0
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction P
Scope X

Threat Intelligence

EPSS Exploit Probability
10.0% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 1

VendorProductVersionRange
oxygenzclipbucket*≥5.3  –  <5.5.3-59

References 2

  • github.com https://github.com/MacWarrior/clipbucket-v5/commit/2da4c8e41f9e4baf47ff89f8a674fbe9b63ac76d
    Patch
  • github.com https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-97r6-4hmx-hcrh
    ExploitVendor Advisory

Remediation

  • github.com https://github.com/MacWarrior/clipbucket-v5/commit/2da4c8e41f9e4baf47ff89f8a674fbe9b63ac76d
    Patch