CVE-2026-37470

HIGH

ClipBucket v5 v.5.5.2 - Remote Code Execution via Authentication Interface

Title source: llm

Description

An issue in ClipBucket v5 v.5.5.2 allows an attacker to execute arbitrary code via the Authentication interface, login page endpoint and HTTP response security headers components

References (2)

Core 2

Core References

http://clipbucket.com

https://medium.com/@arpit03sharma2003/cve-2026-37470-clickjacking-vulnerability-in-clipbucket-v5-leads-to-credential-theft-and-8415def7804a

Scores

CVSS v3 7.3

EPSS 0.0045

EPSS Percentile 35.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-1021

Status published

Published May 22, 2026

Tracked Since May 22, 2026