ByteOS Network

NVD Vulnerability Details :

CVE-2026-42846

Received

Source-security-advisories@github.com

Published At-11 Jun, 2026 | 23:16

Updated At-12 Jun, 2026 | 14:16

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - #140, ClipBucket's Remote Play feature allows any authenticated user to add a video by importing an external URL as the source. Some shell commands are run with the URL as a parameter. The URL is concatenated directly into shell commands without escaping then executed, so any shell metacharacter in the URL is interpreted. This results in arbitrary command execution. This issue has been patched in version 5.5.3 - #140.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	9.8	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 9.8

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses

CWE ID	Type	Source
CWE-78	Secondary	security-advisories@github.com

CWE ID: CWE-78

Type: Secondary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-hvfx-hxmr-28c7	security-advisories@github.com	N/A
https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-hvfx-hxmr-28c7	134c704f-9b21-4f2e-91b3-4a467353bcc0	N/A

Hyperlink: https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-hvfx-hxmr-28c7

Source: security-advisories@github.com

Resource: N/A

Hyperlink: https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-hvfx-hxmr-28c7

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Resource: N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History