CVE-2026-28354

MEDIUM EPSS 17.6%

Published Feb 27, 20264mo ago · Modified Mar 3, 20263mo ago

5.7 CVSS 4.0

Medium

Published Feb 27, 2026 4mo ago

Last Modified Mar 3, 2026 3mo ago

Description

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, collection item operations are vulnerable to authorization flaws, allowing a normal authenticated user to modify another user’s collection items. This affects both add item (/actions/add_to_collection.php) due to missing authorization checks and delete item (/manage_collections.php?mode=manage_items...) due to a broken ownership check in removeItemFromCollection(). As a result, attackers can insert and remove items from collections they do not own. Version 5.5.3 #59 fixes the issue.

CVSS Details

Base Score

5.7

Exploitability

—

Impact

—

Vector string

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector Network

Attack Complexity Low

Privileges Required Low

User Interaction None

Scope X

Threat Intelligence

EPSS Exploit Probability

17.6% percentile

Exploit & Patch Status

Public Exploit Known

No Patch Available

Weaknesses 2

CWE-639

CWE-863 Incorrect Authorization Authorization

Affected Products 1

Vendor	Product	Version	Range
oxygenz	clipbucket	*	≥5.3 – <5.5.3-59

References 1

github.com https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-6wf8-rw5f-c9mv

ExploitVendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.