PatchSiren cyber security CVE debrief
CVE-2026-45060 MacWarrior CVE debrief
CVE-2026-45060 is a critical vulnerability in ClipBucket v5, an open-source video sharing platform. The vulnerability is caused by a blind SQL injection in the actions/progress_video.php endpoint, which allows unauthenticated users to execute SQL queries and exfiltrate sensitive data. The vulnerability has been patched in version 5.5.3 - #129.
- Vendor
- MacWarrior
- Product
- clipbucket-v5
- CVSS
- CRITICAL 9.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-11
- Original CVE updated
- 2026-06-12
- Advisory published
- 2026-06-11
- Advisory updated
- 2026-06-12
Who should care
Users of ClipBucket v5, especially those who have not upgraded to version 5.5.3 - #129, should be aware of this vulnerability and take necessary actions to protect themselves.
Technical summary
The actions/progress_video.php endpoint in ClipBucket v5 is vulnerable to blind SQL injection. The ids parameter can be exploited by unauthenticated users to execute SQL queries and exfiltrate sensitive data. The CVSS score for this vulnerability is 9.8, indicating a critical severity.
Defensive priority
High
Recommended defensive actions
- Upgrade to ClipBucket v5 version 5.5.3 - #129 or later.
- Restrict access to the actions/progress_video.php endpoint.
- Monitor for suspicious activity on the actions/progress_video.php endpoint.
Evidence notes
The vulnerability was reported by an unknown source and patched in version 5.5.3 - #129. The CVE record was published on [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-45060).
Official resources
-
CVE-2026-45060 CVE record
CVE.org
-
CVE-2026-45060 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
CVE-2026-45060 was published on 2026-06-11T23:16:23.797Z and modified on 2026-06-12T15:56:54.563Z.