Back to CVE List

CVE-2026-35202

LOW SEVERITY

Vulnerability Description

Pterodactyl is a free, open-source game server management panel. Prior to version 1.12.3, the Pterodactyl Client API has a logic flaw that lets users bypass their assigned limits for database allocations. This happens because the database locking mechanism used in the controllers is totally broken and doesn't actually lock anything. Version 1.12.3 patches the issue.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-367
Source
GitHub
Vendor
composer
Product
pterodactyl/panel

External References

Discussion (0)

Add Comment

No comments yet. Be the first!