Authorization Flaw in NamelessMC Website Software for Minecraft Servers
CVE-2026-40571

5.3MEDIUM

Key Information:

Vendor: Namelessmc
Status: Nameless
Vendor: CVE Published:; 2 June 2026

What is CVE-2026-40571?

NamelessMC is a software platform designed for creating Minecraft servers. In its version 2.2.4, a significant flaw exists within the Profile Post Reaction Context component. It fails to enforce proper visibility controls for wall posts, allowing low-privileged users to react to posts from private or blocked profiles. This oversight raises serious concerns about user privacy and data protection. NamelessMC version 2.2.5 addresses this issue with a critical patch, underscoring the importance of maintaining updated software to safeguard against such vulnerabilities.

Affected Version(s)

Nameless = 2.2.4

References

https://github.com/NamelessMC/Nameless/security/advisorie...

x_refsource_CONFIRM

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 2, 2026
Vulnerability Reserved
Apr 14, 2026

CVE-2026-40571 Data

JSON

Namelessmc

What is CVE-2026-40571?

Affected Version(s)

References

CVSS V4

Timeline