CVE Catalog

CVE-2026-49482

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.03%

9th percentile — higher than 9% of all known CVEs

Summary

ClipBucket v5 is an open source video sharing platform that prior to version 5.5.3 - #141 contained improper neutralization of SQL wildcard characters in the subtitle editing endpoint. An authenticated user could send a % character as the number parameter to overwrite all subtitle titles of any video they own in a single HTTP request.

Risk Assessment

This vulnerability could lead to unauthorized overwriting of subtitle titles, affecting the integrity of video content and user trust in the platform. It may also result in potential financial or reputational losses for the organization.

Recommendation

It is recommended to upgrade to version 5.5.3 - #141 to mitigate this vulnerability. Additionally, conducting a security audit of the application to identify other potential vulnerabilities is advisable.

Original NVD description (English source)

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #141, ClipBucket v5 contains an improper neutralization of SQL wildcard characters in the subtitle editing endpoint. An authenticated user can send a % character as the number parameter to overwrite all subtitle titles of any video they own in a single HTTP request. This issue has been patched in version 5.5.3 - #141.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS