CVE-2026-32321

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-32321
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-32321.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-32321
Aliases
  • GHSA-2757-6cp4-v7xx
Published
2026-03-18T20:37:51.891Z
Modified
2026-04-02T13:26:28.895182Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
ClipBucket v5 has time-based Blind SQL Injection in ajax.php that leads to Data Exfiltration
Details

ClipBucket v5 is an open source video sharing platform. An authenticated time-based blind SQL injection vulnerability exists in ClipBucket prior to 5.5.3 #80 within the actions/ajax.php endpoint. Due to insufficient input sanitization of the userid parameter, an authenticated attacker can execute arbitrary SQL queries, leading to full database disclosure and potential administrative account takeover. Version 5.5.3 #80 fixes the issue.

Database specific 
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-89"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/32xxx/CVE-2026-32321.json"
}
References

Affected packages

Git / github.com/macwarrior/clipbucket-v5

Affected ranges

Type
GIT
Repo
https://github.com/macwarrior/clipbucket-v5
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
726d68b0c9d4c702dce2691c2759b6bf84a1691f

Affected versions

5.*
5.3
5.3.1
5.4.0
5.4.1
5.5.0
5.5.1
5.5.2
5.5.2-#103
5.5.2-#106
5.5.2-#114
5.5.2-#117
5.5.2-#120
5.5.2-#123
5.5.2-#129
5.5.2-#133
5.5.2-#135
5.5.2-#138
5.5.2-#140
5.5.2-#147
5.5.2-#152
5.5.2-#162
5.5.2-#163
5.5.2-#164
5.5.2-#182
5.5.2-#187
5.5.2-#25
5.5.2-#38
5.5.2-#4
5.5.2-#45
5.5.2-#58
5.5.2-#69
5.5.2-#74
5.5.2-#82
5.5.2-#86
5.5.2-#90
5.5.2-#98
5.5.3-#10
5.5.3-#46
5.5.3-#50
5.5.3-#61

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-32321.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "5.3"
            },
            {
                "fixed": "5.5.3-80"
            }
        ]
    }
]