Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
2.0
ClipBucket Video Sharing Platform: Administrator Can Execute Malicious Code
CVE-2026-26997
Summary
Authenticated users can upload malicious code that administrators may accidentally execute. This can lead to unauthorized access to sensitive information or system takeover. Update to ClipBucket version 5.5.3 #59 to fix the issue and protect your platform.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| oxygenz | clipbucket | > 5.3 , <= 5.5.3-59 | – |
Original title
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, a normal authenticated user can store the XSS payload. The payload is triggered by administrator. Version 5.5.3 #...
Original description
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, a normal authenticated user can store the XSS payload. The payload is triggered by administrator. Version 5.5.3 #59 fixes the issue.
nvd CVSS3.1
5.4
nvd CVSS4.0
2.0
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
Published: 27 Feb 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026