QSearchQSearch

CVE-2026-35447

NamelessMC is website software for Minecraft servers

Published: 2026-06-02 · Last updated: 2026-06-02

Severity and scoring

CWE
CWE-201

Description

NamelessMC is website software for Minecraft servers. In version 2.2.4, the profile page (modules/Core/pages/profile.php) processes wall post submissions and replies before verifying whether the viewer is authorized to access the profile. This allows any user with the profile.post permission to write wall posts to private or blocking profiles. Additionally, the reply branch does not verify that the target wall post belongs to the current profile, enabling attackers to inject replies into arbitrary wall posts owned by other profiles via a restricted profile URL. This is patched in version 2.2.5.

Source: NVD

References

Related CVEs

Same CWE

  • CVE-2026-46481 OpenMetadata is a unified metadata platform (8.3 HIGH)
  • CVE-2026-42539 IRIS is a web collaborative platform that helps incident responders share technical details during investigations (6.5 MEDIUM)
  • CVE-2026-45739 Strawberry GraphQL is a library for creating GraphQL APIs (3.1 LOW)
  • CVE-2026-4035 A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which... (7.7 HIGH)
  • CVE-2026-44653 LibreChat is an enhanced ChatGPT clone that supports multiple AI providers (6.5 MEDIUM)