PT-2026-45856

Name of the Vulnerable Software and Affected Versions CloudburstMC Protocol versions prior to 3.0.0.Beta12-20260420.182526-15 Description CloudburstMC Protocol, a protocol library for Minecraft Bedrock Edition, contains a flaw where validation for FULL type authentication tokens is partially...

CVE-2026-42188

Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition. Prior to 2.9.3, a server-side request forgery SSRF vulnerability exists in Geyser’s handling of Bedrock player head texture data. By supplying a crafted Base64-encoded skin texture URL via the /give command, an...

CVE-2026-42188

Geyser is a bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition. Prior to 2.9.3, a server-side request forgery SSRF vulnerability exists in Geyser’s handling of Bedrock player head texture data. By supplying a crafted Base64-encoded skin texture URL via the /give command, an...

Insecure Encryption

pocketmine/pocketmine-mp is using insecure encryption. The vulnerability exists in 'Minecraft Bedrock' function, due to authentication and protocol encryption are unchangeable servers are allowed to connect internet directly...

GHSA-H79X-98R2-G6QC Impersonation of other users (passing XBOX Live authentication) by theft of logins in PocketMine-MP

Impact Minecraft Bedrock authentication and its protocol encryption are inseparably linked. One is not complete without the other. This vulnerability affects servers which are able to be directly connected to via the internet i.e. not behind a proxy. If you are using a proxy, please check that it...

Impersonation of other users (passing XBOX Live authentication) by theft of logins in PocketMine-MP

Impact Minecraft Bedrock authentication and its protocol encryption are inseparably linked. One is not complete without the other. This vulnerability affects servers which are able to be directly connected to via the internet i.e. not behind a proxy. If you are using a proxy, please check that it...