CVE-2026-26005 MEDIUM

CVE-2026-26005: ClipBucket v5 enables internal network scans via an SSRF vulnerability

Vendor Macwarrior

Product clipbucket-v5

Weakness CWE-918 · SSRF

Published February 12, 2026

Last update February 12, 2026

View on NVD All CVEs

CVSS base score

5.0/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

What the vulnerability does

01Description

ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #45, in Clip Bucket V5, The Remote Play allows creating video entries that reference external video URLs without uploading the video files to the server. However, by specifying an internal network host in the video URL, an SSRF can be triggered, causing GET requests to be sent to internal servers. An attacker can exploit this to scan the internal network. Even a regular (non-privileged) user can carry out the attack.

Key dates

02Disclosure timeline

February 12, 2026 CVE published

February 12, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-26005 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/918.html

Related vulnerabilities

CVE-2026-26005: ClipBucket v5 enables internal network scans via an SSRF vulnerability

01Description

02Disclosure timeline

03References

04Related CVE