CVE-2026-26016

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.1, a missing authorization check in multiple controllers allows any user with access to a node secret token to fetch information about any server on a Pterodactyl instance,...

Incorrect Privilege Assignment

Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment due to incorrect handling of network traffic permissions when certain network configurations, such as Native Routing, WireGuard, and Node Encryption, are enabled. An attacker can gain unauthorized access t...

CVE-2026-26016

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.1, a missing authorization check in multiple controllers allows any user with access to a node secret token to fetch information about any server on a Pterodactyl instance,...

CVE-2026-26016

Summary: CVE-2026-26016 affects Pterodactyl Panel (Wings) prior to 1.12.1 due to missing authorization checks across multiple controllers/endpoints. An authenticated Wings node with a node secret token can access and disclose information about servers on other nodes, retrieve server installation ...

GHSA-G7VW-F8P5-C728 Pterodactyl Panel Allows Cross-Node Server Configuration Disclosure via Remote API Missing Authorization

Summary A missing authorization check in multiple controllers allows any user with access to a node secret token to fetch information about any server on a Pterodactyl instance, even if that server is associated with a different node. This issue stems from missing logic to verify that the node...

Pterodactyl Panel Allows Cross-Node Server Configuration Disclosure via Remote API Missing Authorization

Summary A missing authorization check in multiple controllers allows any user with access to a node secret token to fetch information about any server on a Pterodactyl instance, even if that server is associated with a different node. This issue stems from missing logic to verify that the node...

PT-2026-20331

Name of the Vulnerable Software and Affected Versions Pterodactyl Panel versions prior to 1.12.1 Description A missing authorization check allows any user with access to a node secret token to fetch information about any server on a Pterodactyl instance, even if that server is associated with a...

AZL-34902 CVE-2023-26484 affecting package kubevirt for versions less than 1.2.0-1

KubeVirt is a virtual machine management add-on for Kubernetes. In versions 0.59.0 and prior, if a malicious user has taken over a Kubernetes node where virt-handler the KubeVirt node-daemon is running, the virt-handler service account can be used to modify all node specs. This can be misused to...

Improper Input Validation

Overview puppet is an automated configuration management tool. Affected versions of this package are vulnerable to Improper Input Validation. Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed...