CVE-2026-45289
Description
The CloudburstMC Protocol library has a flaw in its validation of auth tokens, potentially impacting Minecraft Bedrock Edition servers that use versions of the library prior to 3.0.0.Beta12.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Prior to version 3.0.0.Beta12-20260420.182526-15, the CloudburstMC Protocol library for Minecraft Bedrock Edition is partially missing validation for FULL type authentication tokens within its EncryptionUtils methods. This vulnerability affects publicly accessible software that depends on the affected versions of the Protocol library [1].
Exploitation
An attacker could exploit this vulnerability by sending specially crafted authentication payloads for FULL type tokens. The available references do not detail the exact conditions and steps required for exploitation, but it involves the EncryptionUtils methods that validate these tokens [1].
Impact
This vulnerability impacts publicly accessible software that relies on the affected versions of the CloudburstMC Protocol library. Successful exploitation could lead to unauthorized actions or data compromise, depending on how the affected software utilizes the validated authentication tokens [1].
Mitigation
The vulnerability has been patched in version 3.0.0.Beta12-20260420.182526-15 of the CloudburstMC Protocol library. Users should upgrade to this version or later. Geyser users should update to Build #1122 or later. A potential workaround involves adding further validation for the xid and xname fields for FULL type tokens [1].
AI Insight generated on Jun 2, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
- Range: <3.0.0.Beta12-20260420.182526-15
Patches: 0
No patches discovered yet.
References: 1
News mentions: 0
No linked articles in our index yet.