CVE-2026-49482
MediumCVSS 4.3Exploitation Probability (EPSS)
Low risk9th percentile — higher than 9% of all known CVEs
Summary
ClipBucket v5 is an open source video sharing platform that prior to version 5.5.3 - #141 contained improper neutralization of SQL wildcard characters in the subtitle editing endpoint. An authenticated user could send a % character as the number parameter to overwrite all subtitle titles of any video they own in a single HTTP request.
Risk Assessment
This vulnerability could lead to unauthorized overwriting of subtitle titles, affecting the integrity of video content and user trust in the platform. It may also result in potential financial or reputational losses for the organization.
Recommendation
It is recommended to upgrade to version 5.5.3 - #141 to mitigate this vulnerability. Additionally, conducting a security audit of the application to identify other potential vulnerabilities is advisable.
Original NVD description (English source)
ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #141, ClipBucket v5 contains an improper neutralization of SQL wildcard characters in the subtitle editing endpoint. An authenticated user can send a % character as the number parameter to overwrite all subtitle titles of any video they own in a single HTTP request. This issue has been patched in version 5.5.3 - #141.

