Medium severityNVD Advisory· Published Jun 2, 2026· Updated Jun 3, 2026
CVE-2026-40571
CVE-2026-40571
Description
NamelessMC is website software for Minecraft servers. In version 2.2.4, core/classes/Misc/ProfilePostReactionContext.php only verifies that the wall post exists and does not enforce blocked/private-profile visibility. This means that authenticated low-privileged users can add reactions to private or blocking profile posts. Version 2.2.5 contains a patch.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <=2.2.4
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.