Go modules package
github.com/pterodactyl/wings
pkg:golang/github.com/pterodactyl/wings
Vulnerabilities (10)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-21696 | — | >= 1.7.0, < 1.12.0 | 1.12.0 | Jan 19, 2026 | Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Starting in version 1.7.0 and prior to version 1.12.0, Wings does not consider SQLite max parameter limit when processing activity log entries allowing for low privileged user to | ||
| CVE-2025-69199 | — | < 1.12.0 | 1.12.0 | Jan 19, 2026 | Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.0, websockets within wings lack proper rate limiting and throttling. As a result a malicious user can open a large number of connections and then request dat | ||
| CVE-2025-68954 | — | < 1.12.0 | 1.12.0 | Jan 6, 2026 | Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below do not revoke active SFTP connections when a user is removed from a server instance or has their permissions changes with respect to file access over SFTP. This allows a user that was alre | ||
| CVE-2024-34066 | — | < 1.11.12 | 1.11.12 | May 3, 2024 | Pterodactyl wings is the server control plane for Pterodactyl Panel. If the Wings token is leaked either by viewing the node configuration or posting it accidentally somewhere, an attacker can use it to gain arbitrary file write and read access on the node the token is associated | ||
| CVE-2024-34068 | — | < 1.11.12 | 1.11.12 | May 3, 2024 | Pterodactyl wings is the server control plane for Pterodactyl Panel. An authenticated user who has access to a game server is able to bypass the previously implemented access control (GHSA-6rg3-8h8x-5xfv) that prevents accessing internal endpoints of the node hosting Wings in the | ||
| CVE-2024-27102 | — | < 1.11.9 | 1.11.9 | Mar 13, 2024 | Wings is the server control plane for Pterodactyl Panel. This vulnerability impacts anyone running the affected versions of Wings. The vulnerability can potentially be used to access files and directories on the host system. The full scope of impact is exactly unknown, but readin | ||
| CVE-2023-32080 | — | < 1.7.5 | 1.7.5 | May 10, 2023 | Wings is the server control plane for Pterodactyl Panel. A vulnerability affecting versions prior to 1.7.5 and versions 1.11.0 prior to 1.11.6 impacts anyone running the affected versions of Wings. This vulnerability can be used to gain access to the host system running Wings if | ||
| CVE-2023-25168 | — | < 1.7.4 | 1.7.4 | Feb 8, 2023 | Wings is Pterodactyl's server control plane. This vulnerability can be used to delete files and directories recursively on the host system. This vulnerability can be combined with `GHSA-p8r3-83r8-jwj5` to overwrite files on the host system. In order to use this exploit, an attac | ||
| CVE-2023-25152 | — | < 1.7.3 | 1.7.3 | Feb 8, 2023 | Wings is Pterodactyl's server control plane. Affected versions are subject to a vulnerability which can be used to create new files and directory structures on the host system that previously did not exist, potentially allowing attackers to change their resource allocations, prom | ||
| CVE-2021-32699 | — | < 1.4.4 | 1.4.4 | Jun 22, 2021 | Wings is the control plane software for the open source Pterodactyl game management system. All versions of Pterodactyl Wings prior to `1.4.4` are vulnerable to system resource exhaustion due to improper container process limits being defined. A malicious user can consume more re |
- CVE-2026-21696Jan 19, 2026affected >= 1.7.0, < 1.12.0fixed 1.12.0
Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Starting in version 1.7.0 and prior to version 1.12.0, Wings does not consider SQLite max parameter limit when processing activity log entries allowing for low privileged user to
- CVE-2025-69199Jan 19, 2026affected < 1.12.0fixed 1.12.0
Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.0, websockets within wings lack proper rate limiting and throttling. As a result a malicious user can open a large number of connections and then request dat
- CVE-2025-68954Jan 6, 2026affected < 1.12.0fixed 1.12.0
Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below do not revoke active SFTP connections when a user is removed from a server instance or has their permissions changes with respect to file access over SFTP. This allows a user that was alre
- CVE-2024-34066May 3, 2024affected < 1.11.12fixed 1.11.12
Pterodactyl wings is the server control plane for Pterodactyl Panel. If the Wings token is leaked either by viewing the node configuration or posting it accidentally somewhere, an attacker can use it to gain arbitrary file write and read access on the node the token is associated
- CVE-2024-34068May 3, 2024affected < 1.11.12fixed 1.11.12
Pterodactyl wings is the server control plane for Pterodactyl Panel. An authenticated user who has access to a game server is able to bypass the previously implemented access control (GHSA-6rg3-8h8x-5xfv) that prevents accessing internal endpoints of the node hosting Wings in the
- CVE-2024-27102Mar 13, 2024affected < 1.11.9fixed 1.11.9
Wings is the server control plane for Pterodactyl Panel. This vulnerability impacts anyone running the affected versions of Wings. The vulnerability can potentially be used to access files and directories on the host system. The full scope of impact is exactly unknown, but readin
- CVE-2023-32080May 10, 2023affected < 1.7.5fixed 1.7.5
Wings is the server control plane for Pterodactyl Panel. A vulnerability affecting versions prior to 1.7.5 and versions 1.11.0 prior to 1.11.6 impacts anyone running the affected versions of Wings. This vulnerability can be used to gain access to the host system running Wings if
- CVE-2023-25168Feb 8, 2023affected < 1.7.4fixed 1.7.4
Wings is Pterodactyl's server control plane. This vulnerability can be used to delete files and directories recursively on the host system. This vulnerability can be combined with `GHSA-p8r3-83r8-jwj5` to overwrite files on the host system. In order to use this exploit, an attac
- CVE-2023-25152Feb 8, 2023affected < 1.7.3fixed 1.7.3
Wings is Pterodactyl's server control plane. Affected versions are subject to a vulnerability which can be used to create new files and directory structures on the host system that previously did not exist, potentially allowing attackers to change their resource allocations, prom
- CVE-2021-32699Jun 22, 2021affected < 1.4.4fixed 1.4.4
Wings is the control plane software for the open source Pterodactyl game management system. All versions of Pterodactyl Wings prior to `1.4.4` are vulnerable to system resource exhaustion due to improper container process limits being defined. A malicious user can consume more re