PatchSiren cyber security CVE debrief
CVE-2026-45418 MacWarrior CVE debrief
CVE-2026-45418 is a high-severity vulnerability in ClipBucket v5, an open-source video sharing platform. The flaw is in the handling of the POST /actions/subtitle_edit.php request, where an authenticated user can inject SQL through the number parameter. This permits boolean-based blind SQL injection, which can be used to exfiltrate sensitive data. The vulnerability has been patched in version 5.5.3 - #132.
- Vendor: MacWarrior
- Product: clipbucket-v5
- CVSS: HIGH 8.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-11
- Original CVE updated: 2026-06-12
- Advisory published: 2026-06-11
- Advisory updated: 2026-06-12
Who should care
Users of ClipBucket v5, particularly on installations where authenticated users can upload videos and add subtitles.
Technical summary
The vulnerability is caused by a lack of proper input validation of the number parameter in the POST /actions/subtitle_edit.php request. An authenticated user can inject SQL through that parameter, which permits boolean-based blind SQL injection.
Defensive priority
High
Recommended defensive actions
- Update ClipBucket to version 5.5.3 - #132 or later.
- Restrict access to /actions/subtitle_edit.php to trusted users only.
- Implement additional security measures, such as input validation and sanitization.
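The input-validation recommendation above, shown as an added example that is not ClipBucket's code or its patch: a numeric request value is accepted only as a positive integer and then bound as a query parameter, next to the concatenating pattern it replaces. The `subtitles` table, its columns and the functions `editUnsafe` and `editSafe` are hypothetical, and the script assumes PHP with the pdo_sqlite extension so it can run against an in-memory database.

```php
<?php
// Added illustration, NOT ClipBucket's code. Table, column and function
// names are hypothetical; the database is in-memory SQLite.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE subtitles (videoid INTEGER, number INTEGER, title TEXT)');
$db->exec("INSERT INTO subtitles VALUES (7, 1, 'English'), (7, 2, 'French')");

// Unsafe pattern: the request value becomes part of the SQL text, so the
// number of affected rows depends on any condition appended to it.
function editUnsafe(PDO $db, int $videoId, string $number, string $title): int
{
    $sql = 'UPDATE subtitles SET title = ' . $db->quote($title)
         . " WHERE videoid = $videoId AND number = $number";
    return $db->exec($sql);
}

// Hardened pattern: accept only a positive integer, then bind it as data.
function editSafe(PDO $db, int $videoId, string $number, string $title): int
{
    $n = filter_var($number, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($n === false) {
        throw new InvalidArgumentException('number must be a positive integer');
    }
    $stmt = $db->prepare(
        'UPDATE subtitles SET title = :t WHERE videoid = :v AND number = :n'
    );
    $stmt->execute([':t' => $title, ':v' => $videoId, ':n' => $n]);
    return $stmt->rowCount();
}

// Constructed inputs: a well-formed value and one carrying an extra condition.
foreach (['2', '2 OR 1=1'] as $input) {
    $unsafe = editUnsafe($db, 7, $input, 'x');
    try {
        $safe = (string) editSafe($db, 7, $input, 'y');
    } catch (InvalidArgumentException $e) {
        $safe = 'rejected: ' . $e->getMessage();
    }
    printf("%-10s unsafe rows=%d  safe=%s\n", $input, $unsafe, $safe);
}
```

With the second input the concatenated statement touches every row, while the hardened function rejects the value before any SQL is prepared.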
Evidence notes
The vulnerability was reported via a security advisory on GitHub.
Official resources
- CVE-2026-45418 CVE record (CVE.org)
- CVE-2026-45418 NVD detail (NVD)
- Source item URL (nvd_modified)
- Source reference: CVE-2026-45418 was published on 2026-06-11T23:16:23.937Z and modified on 2026-06-12T16:16:28.447Z.