NamelessMC is website software for Minecraft servers. In version 2.2.4, `core/classes/Misc/ProfilePostReactionContext.php` only verifies that the wall post exists and does not enforce blocked/private-profile visibility. This means that authenticated low-privileged users can add reactions to private or blocking profile posts. Version 2.2.5 contains a patch.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Namelessmc |
|
No data.
No data.
OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.
| Vendors | Products |
|---|---|
| Namelessmc |
|
References
History
Tue, 02 Jun 2026 18:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Namelessmc
Namelessmc nameless |
|
| Vendors & Products |
Namelessmc
Namelessmc nameless |
Tue, 02 Jun 2026 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | NamelessMC is website software for Minecraft servers. In version 2.2.4, `core/classes/Misc/ProfilePostReactionContext.php` only verifies that the wall post exists and does not enforce blocked/private-profile visibility. This means that authenticated low-privileged users can add reactions to private or blocking profile posts. Version 2.2.5 contains a patch. | |
| Title | NamelessMC: Reactions on private or blocking profile posts can be modified without proper authorization | |
| Weaknesses | CWE-862 | |
| References |
| |
| Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-06-02T16:44:14.286Z
Reserved: 2026-04-14T13:24:29.474Z
Link: CVE-2026-40571
Vulnrichment
No data.
NVD
Status : Deferred
Published: 2026-06-02T17:16:29.020
Modified: 2026-06-02T17:18:38.120
Link: CVE-2026-40571
Redhat
No data.
OpenCVE Enrichment
Updated: 2026-06-02T19:00:13Z