PatchSiren cyber security CVE debrief
CVE-2026-49482 MacWarrior CVE debrief
CVE-2026-49482 is a vulnerability in ClipBucket v5, an open-source video sharing platform. The vulnerability allows an authenticated user to overwrite all video subtitle titles by sending a % character as the number parameter in a single HTTP request to the subtitle editing endpoint. This is due to improper neutralization of SQL wildcard characters. The vulnerability has been patched in version 5.5.3 - #141.
- Vendor
- MacWarrior
- Product
- clipbucket-v5
- CVSS
- MEDIUM 4.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-12
- Original CVE updated
- 2026-06-12
- Advisory published
- 2026-06-12
- Advisory updated
- 2026-06-12
Who should care
Users of ClipBucket v5, especially those with public video sharing platforms, should be aware of this vulnerability. An attacker could exploit this vulnerability to overwrite subtitle titles of videos they own.
Technical summary
The vulnerability has a CVSS score of 4.3 and a severity of MEDIUM. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N. The weakness types are CWE-155 and CWE-943.
Defensive priority
MEDIUM
Recommended defensive actions
- Update ClipBucket v5 to version 5.5.3 - #141 or later.
- Restrict access to the subtitle editing endpoint.
- Monitor for suspicious activity on your ClipBucket v5 instance.
Evidence notes
The vulnerability was published on 2026-06-12T00:16:19.363Z and modified on 2026-06-12T15:56:54.563Z. The source of this information is the NVD, which can be found at [nvd](resourceLinkAnnotations.nvd). Additional information can be found at [cve-org](resourceLinkAnnotations.cve-org) and [ref-4](resourceLinkAnnotations.ref-4).
Official resources
-
CVE-2026-49482 CVE record
CVE.org
-
CVE-2026-49482 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
public