CVE-2026-40571
Vulnerability Description
NamelessMC is website software for Minecraft servers. In version 2.2.4, `core/classes/Misc/ProfilePostReactionContext.php` only verifies that the wall post exists and does not enforce blocked/private-profile visibility. This means that authenticated low-privileged users can add reactions to private or blocking profile posts. Version 2.2.5 contains a patch.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-862
Source
NVD
Vendor
NamelessMC
Product
Nameless
Discussion (0)
Add Comment
No comments yet. Be the first!