Authorization Flaw in NamelessMC Website Software for Minecraft Servers
CVE-2026-35447

5.3 MEDIUM

Key Information:

Vendor: Namelessmc

CVE Published: 2 June 2026

What is CVE-2026-35447?

NamelessMC, website software for Minecraft servers, has an authorization flaw in version 2.2.4 that allows users to post on restricted profiles. The profile page does not check whether a user is authorized to view a profile before accepting wall post submissions, so any user with the 'profile.post' permission can create posts on private profiles. The reply functionality also lacks adequate verification, allowing users to reply to wall posts that belong to other profiles, which opens the door to abuse. The vulnerability is fixed in version 2.2.5.

Affected Version(s)

Nameless = 2.2.4

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
