Medium severityNVD Advisory· Published Jun 2, 2026· Updated Jun 2, 2026
CVE-2026-35443
CVE-2026-35443
Description
NamelessMC is website software for Minecraft servers. In version 2.2.4, modules/Forum/classes/ForumPostReactionContext.php only verifies that the caller can view the forum, but it does not re-enforce topic-level view_other_topics authorization. As a result, in forums where users may enter the forum but may only view their own topics, reactions can still be read and modified on other users' topics. Version 2.2.5 fixes the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <=2.2.4
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.