CVE-2026-35443

Sažetak

NamelessMC is website software for Minecraft servers. In version 2.2.4, `modules/Forum/classes/ForumPostReactionContext.php` only verifies that the caller can view the forum, but it does not re-enforce topic-level `view_other_topics` authorization. As a result, in forums where users may enter the forum but may only view their own topics, reactions can still be read and modified on other users' topics. Version 2.2.5 fixes the issue.

Reference

https://github.com/NamelessMC/Nameless/security/advisories/GHSA-wcrf-5gcp-pf64
https://github.com/NamelessMC/Nameless/security/advisories/GHSA-wcrf-5gcp-pf64

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

02-06-2026 - 20:16

Objavljeno

02-06-2026 - 17:16