CVE-2026-26997

ClipBucket v5 has Stored XSS via Collection name

Description

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 #59, a normal authenticated user can store the XSS payload. The payload is triggered by administrator. Version 5.5.3 #59 fixes the issue.

INFO

Published Date :

2026-02-27T19:15:11.123Z

Last Modified :

2026-02-27T20:24:08.947Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2026-26997 vulnerability.

Vendors	Products
Macwarrior	Clipbucket-v5
Oxygenz	Clipbucket

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-26997.

URL	Resource
https://github.com/MacWarrior/clipbucket-v5/commit/2da4c8e41f9e4baf47ff89f8a674fbe9b63ac76d
https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-97r6-4hmx-hcrh

CVSS Vulnerability Scoring System

V4
V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Attack Requirements

Privileges Required

User Interaction

VS Confidentiality

VS Integrity

VS Availability

SS Confidentiality

SS Integrity

SS Availability

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact