Loading market data...
← Back to CVE feed

CVE-2026-35443

UNKNOWN View on NVD ↗

Description

NamelessMC is website software for Minecraft servers. In version 2.2.4, `modules/Forum/classes/ForumPostReactionContext.php` only verifies that the caller can view the forum, but it does not re-enforce topic-level `view_other_topics` authorization. As a result, in forums where users may enter the forum but may only view their own topics, reactions can still be read and modified on other users' topics. Version 2.2.5 fixes the issue.

Published: Jun 02, 2026 17:16 UTC Modified: Jun 02, 2026 20:16 UTC