CVE Catalog

CVE-2026-42846

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.07%

21th percentile — higher than 21% of all known CVEs

Summary

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #140, the Remote Play feature allowed adding videos by importing an external URL, leading to arbitrary command execution due to improper URL handling.

Risk Assessment

Exploitation of this vulnerability could lead to remote execution of arbitrary commands on the server, posing a serious security threat to the organization.

Recommendation

It is recommended to upgrade to version 5.5.3 - #140 or later to mitigate this vulnerability.

Original NVD description (English source)

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #140, ClipBucket's Remote Play feature allows any authenticated user to add a video by importing an external URL as the source. Some shell commands are run with the URL as a parameter. The URL is concatenated directly into shell commands without escaping then executed, so any shell metacharacter in the URL is interpreted. This results in arbitrary command execution. This issue has been patched in version 5.5.3 - #140.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS