Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.7
ClipBucket Video Sharing Platform: Unauthorized Item Access
CVE-2026-28354
Summary
ClipBucket's video sharing platform has a security flaw that allows a user to change or delete items from another user's collections without permission. This means a malicious user could add or remove videos from someone else's collection. Update to version 5.5.3 #59 to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| oxygenz | clipbucket | > 5.3 , <= 5.5.3-59 | – |
Original title
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, collection item operations are vulnerable to authorization flaws, allowing a normal authenticated user to modify ...
Original description
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, collection item operations are vulnerable to authorization flaws, allowing a normal authenticated user to modify another user’s collection items. This affects both add item (/actions/add_to_collection.php) due to missing authorization checks and delete item (/manage_collections.php?mode=manage_items...) due to a broken ownership check in removeItemFromCollection(). As a result, attackers can insert and remove items from collections they do not own. Version 5.5.3 #59 fixes the issue.
nvd CVSS3.1
6.5
nvd CVSS4.0
5.7
Vulnerability type
CWE-639
Authorization Bypass Through User-Controlled Key
CWE-863
Incorrect Authorization
- https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-6wf8-rw5f-c... Exploit Vendor Advisory
Published: 27 Feb 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026