Lucene search
K
PterodactylPanel

9 matches found

CVE
CVE
•added 2021/10/06 8:5 p.m.•111 views

CVE-2021-41129

CVE-2021-41129 affects Pterodactyl Panel. A validation flaw in the two‑factor authentication flow (LoginCheckpointController@__invoke) allows a malicious user to alter the confirmation_token to reference a cache entry containing a user_id, potentially authenticating as an arbitrary user with two‑...

8.1CVSS8.1AI score0.01696EPSS
CVE
CVE
•added 2024/05/03 5:38 p.m.•102 views

CVE-2024-34067

CVE-2024-34067 affects the Pterodactyl panel. The issue allows cross-site scripting (XSS) via importing a malicious egg or gaining access to a wings instance, potentially enabling an administrator account takeover. The vulnerability impacts Egg Docker images and Egg variables (Name, Environment v...

6.1CVSS6AI score0.00457EPSS
CVE
CVE
•added 2021/10/25 4:50 p.m.•85 views

CVE-2021-41176

CVE-2021-41176 describes a cross-site request forgery (CSRF) vulnerability in Pterodactyl Panel where a signed-in user can be logged out if they visit a malicious site that makes a request to the Panel’s sign-out endpoint. This requires targeting a specific Panel instance and only signs the user ...

4.3CVSS4.4AI score0.00503EPSS
CVE
CVE
•added 2021/11/17 7:30 p.m.•82 views

CVE-2021-41273

CVE-2021-41273 affects the Pterodactyl panel where CSRF protections on two routes were improperly configured, allowing a CSRF attack that could trigger: (1) sending a test email and (2) generating a node auto-deployment token. No data exfiltration is described; impact is unsolicited emails or tok...

4.3CVSS4.7AI score0.00379EPSS
CVE
CVE
•added 2019/07/29 2:25 p.m.•61 views

CVE-2019-1020002

CVE-2019-1020002 affects the Pterodactyl Panel before 0.7.14, where a logic error causes credentials/sniffing of 2FA credentials by delaying password verification until after 2FA input. Reported as enabling an attacker to infer account existence under certain login flows (0.7.13 and earlier). The...

7.5CVSS7.5AI score0.01475EPSS
CVE
CVE
•added 2026/02/19 3:55 p.m.•32 views

CVE-2026-26016

Summary: CVE-2026-26016 affects Pterodactyl Panel (Wings) prior to 1.12.1 due to missing authorization checks across multiple controllers/endpoints. An authenticated Wings node with a node secret token can access and disclose information about servers on other nodes, retrieve server installation ...

9.2CVSS5.7AI score0.00316EPSS
CVE
CVE
•added 2026/01/06 12:31 a.m.•29 views

CVE-2025-68954

CVE-2025-68954 affects Pterodactyl’s SFTP subsystem where active SFTP sessions are not revoked when a user is removed or has permissions reduced. Multiple sources describe that credentials are checked at handshake, but not re-validated afterward, allowing a user who was connected to maintain acce...

7.5CVSS6.4AI score0.00218EPSS
CVE
CVE
•added 2026/01/19 7:5 p.m.•22 views

CVE-2025-69198

Pterodactyl panel suffers a race condition in resource locking: before v1.12.0, concurrent requests can bypass per-server resource validation and concurrently create more databases, allocations, or backups than configured, denying resources to other users and potentially exhausting node quotas. T...

6.5CVSS5.6AI score0.00212EPSS
CVE
CVE
•added 2026/01/06 12:44 a.m.•18 views

CVE-2025-69197

Pterodactyl Panel (versions

6.5CVSS6.4AI score0.00321EPSS