CVE-2026-49482

Summary

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #141, ClipBucket v5 contains an improper neutralization of SQL wildcard characters in the subtitle editing endpoint. An authenticated user can send a % character as the number parameter to overwrite all subtitle titles of any video they own in a single HTTP request. This issue has been patched in version 5.5.3 - #141.

Affected Software

VendorProductVersion RangeStatus
MacWarriorclipbucket-v5< 5.5.3 - #141affected

Weaknesses

  • CWE-155: CWE-155: Improper Neutralization of Wildcards or Matching Symbols
  • CWE-943: CWE-943: Improper Neutralization of Special Elements in Data Query Logic

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

Additional References

References