Vulnerability in Macwarrior Clipbucket-v5

CVE-2026-25728

ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - #40, a Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability exists in ClipBucket's avatar and background image upload functionality. The application mov…

Vulnerability class: TOCTOU (Time-of-Check to Time-of-Use)

EPSS: 0.001 (17.4th percentile) — read the EPSS interpretation.

Affected products

Macwarrior Clipbucket-v5 — versions < 5.5.3 - #40

Weakness classification (CWE)

CWE-367 — Time-of-check Time-of-use (TOCTOU) Race Condition

References

https://github.com/MacWarrior/clipbucket-v5/security/advisories/GHSA-xq7c-m5r2-9wqj (x_refsource_CONFIRM)
https://github.com/MacWarrior/clipbucket-v5/commit/09536e6e2ca6d69a2ee83190b588c0b8116dd16d (x_refsource_MISC)