Privacy Exposure in NamelessMC Website Software for Minecraft Servers
CVE-2026-40314

6.9 MEDIUM

Key Information:

Vendor: Namelessmc

Status
Vendor
CVE Published: 2 June 2026

What is CVE-2026-40314?

NamelessMC, a widely used website software designed for managing Minecraft servers, has a vulnerability in version 2.2.4 that allows unauthenticated users to read the reactions on private profile posts. The cause is an insufficient check in the ProfilePostReactionContext.php file, which verifies only that the wall post exists and does not apply the profile's visibility restrictions. As a result, private profiles may reveal sensitive information, such as reaction participants and timestamps, to unauthorized visitors. The same oversight lets low-privileged authenticated users interact with private posts, raising significant privacy concerns. The vulnerability is fixed in version 2.2.5.
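
The difference between an existence-only check and a visibility-aware check, as an added example that is not NamelessMC's code or its 2.2.5 patch. Every function name, the array layout and the visibility rule (owner and staff may view a private profile) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data (not NamelessMC's schema): profile 1 is private.
$profiles  = [1 => ['private' => true], 2 => ['private' => false]];
$posts     = [10 => ['profile_owner' => 1], 11 => ['profile_owner' => 2]];
$reactions = [10 => [['user' => 7, 'time' => 1767225600]], 11 => []];

// Assumed visibility rule: owner and staff may view; anyone else only if public.
function canViewProfile(array $profiles, int $ownerId, ?array $viewer): bool
{
    if ($viewer !== null && ($viewer['id'] === $ownerId || $viewer['staff'])) {
        return true;
    }
    return !$profiles[$ownerId]['private'];
}

// Weak form: the only gate is "does the wall post exist?".
function reactionsExistenceOnly(array $posts, array $reactions, int $postId): ?array
{
    return isset($posts[$postId]) ? $reactions[$postId] : null;
}

// Hardened form: existence check, then the visibility check for this viewer.
function reactionsWithVisibility(array $profiles, array $posts, array $reactions, int $postId, ?array $viewer): ?array
{
    if (!isset($posts[$postId])) {
        return null;
    }
    if (!canViewProfile($profiles, $posts[$postId]['profile_owner'], $viewer)) {
        return null; // same answer as "not found", so existence is not disclosed
    }
    return $reactions[$postId];
}

// Compare both forms for post 10, which sits on the private profile.
$viewers = [
    'anonymous' => null,
    'low-privileged user' => ['id' => 7, 'staff' => false],
    'profile owner' => ['id' => 1, 'staff' => false],
];
foreach ($viewers as $label => $viewer) {
    $weak = reactionsExistenceOnly($posts, $reactions, 10) !== null;
    $hard = reactionsWithVisibility($profiles, $posts, $reactions, 10, $viewer) !== null;
    printf("%-20s existence-only: %-7s with visibility: %s\n", $label,
        $weak ? 'exposed' : 'denied', $hard ? 'allowed' : 'denied');
}
```

The same visibility check belongs on the write path (adding or removing a reaction), since the advisory notes that low-privileged users could also interact with private posts.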

Affected Version(s)

Nameless = 2.2.4

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
