Access Control Weakness in NamelessMC Forum Software
CVE-2026-33398

7.1HIGH

Key Information:

Vendor

Namelessmc

Status
Nameless
Vendor
CVE Published:
2 June 2026

What is CVE-2026-33398?

NamelessMC forum software for Minecraft servers is susceptible to an access control vulnerability in version 2.2.4. This issue arises from the get_quotes.php file, which inadequately verifies user permissions. Authenticated users with low privileges can exploit this flaw by manipulating post IDs, enabling them to access and read content from hidden, private, or staff-only forums without proper authorization. The lack of enforcement of forum access control lists (ACLs) in the backend exacerbates this vulnerability. The issue was resolved in version 2.2.5.

Affected Version(s)

Nameless = 2.2.4

References

https://github.com/NamelessMC/Nameless/security/advisorie...
x_refsource_CONFIRM

CVSS V4

Score:
7.1
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.