CVE Catalog

CVE-2026-45060

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.05%

17th percentile — higher than 17% of all known CVEs

Summary

ClipBucket v5 is an open source video sharing platform that was vulnerable to blind SQL injection in the actions/progress_video.php endpoint prior to version 5.5.3 - #129. Unauthenticated users could exploit the ids parameter to execute SQL queries and exfiltrate sensitive data.

Risk Assessment

Organizations using this version of ClipBucket may be at risk of data leakage and unauthorized database access. Potential consequences include loss of data confidentiality and reputation.

Recommendation

It is recommended to upgrade to version 5.5.3 - #129 to mitigate this vulnerability. Additionally, conducting a security audit of the application is advisable.

Original NVD description (English source)

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #129, the actions/progress_video.php endpoint is vulnerable to blind SQL injection. Any unauthenticated user can exploit the ids parameter to execute SQL queries and exfiltrate sensitive data. This issue has been patched in version 5.5.3 - #129.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS