Lucene search
K
PterodactylWings

10 matches found

CVE
CVE
added 2024/05/03 5:34 p.m.100 views

CVE-2024-34068

CVE-2024-34068 affects Pterodactyl Wings. An authenticated user with access to a game server could bypass access controls in the pull endpoint of Wings, potentially accessing resources on local networks. The issue is addressed in version 1.11.2 ; upgrade is advised. As a workaround, users can ena...

6.4CVSS6.3AI score0.00394EPSS
CVE
CVE
added 2021/06/22 7:20 p.m.89 views

CVE-2021-32699

Wings (Pterodactyl Wings) pre-1.4.4 is affected by a resource-exhaustion vulnerability caused by improper container process limits. A malicious user can exhaust host resources, impacting other clients and potentially taking the physical server offline. Mitigation per multiple sources: upgrade to ...

6.5CVSS6.3AI score0.00267EPSS
CVE
CVE
added 2023/02/08 6:52 p.m.84 views

CVE-2023-25152

Wings (Pterodactyl) contains a privilege/escalation vector in its server control plane: affected Wings Daemon versions allow an attacker with an existing allocated server to create new files/directories on the host, potentially changing resource allocations, promoting containers to privileged mod...

8.8CVSS8.6AI score0.00682EPSS
CVE
CVE
added 2023/02/08 11:43 p.m.79 views

CVE-2023-25168

CVE-2023-25168 affects Pterodactyl Wings (server control plane). Description: UNIX Symbolic Link (Symlink) Following enables deletion of files/directories on the host when a server is allocated; may be used with GHSA-p8r3-83r8-jwj5 to overwrite host files. Root cause: symbolic link handling in Wi...

9.6CVSS8.8AI score0.00956EPSS
CVE
CVE
added 2024/03/13 8:28 p.m.79 views

CVE-2024-27102

CVE-2024-27102 affects Wings (github.com/pterodactyl/wings). It is an improper isolation of server file access vulnerability that enables reading files outside the server’s base directory when an attacker has an existing server controlled by Wings. The public documentation confirms the impact and...

9.9CVSS9.4AI score0.0055EPSS
CVE
CVE
added 2023/05/10 8:7 p.m.63 views

CVE-2023-32080

Summary: CVE-2023-32080 affects Wings (Pterodactyl Panel) prior to v1.7.5 and v1.11.0 prior to v1.11.6. Affected code paths allow an attacker to escalate by injecting commands via the server install script (or user data/environment variables) to gain access to the host running Wings. The issue is...

9CVSS9.2AI score0.00917EPSS
CVE
CVE
added 2024/05/03 5:42 p.m.63 views

CVE-2024-34066

The CVE-2024-34066 issue affects Pterodactyl Wings (github.com/pterodactyl/wings). If the Wings token is leaked (for example via node configuration exposure or accidental posting), an attacker can gain arbitrary file write and read access on the associated node. Root cause: leaked token enabling ...

8.4CVSS6.8AI score0.00544EPSS
CVE
CVE
added 2026/01/06 12:31 a.m.29 views

CVE-2025-68954

CVE-2025-68954 affects Pterodactyl’s SFTP subsystem where active SFTP sessions are not revoked when a user is removed or has permissions reduced. Multiple sources describe that credentials are checked at handshake, but not re-validated afterward, allowing a user who was connected to maintain acce...

7.5CVSS6.4AI score0.00218EPSS
CVE
CVE
added 2026/01/19 7:25 p.m.21 views

CVE-2026-21696

Wings (Pterodactyl) security issue CVE-2026-21696 affects version 1.7.0 through before 1.12.0. The bug arises from not honoring SQLite’s max parameter limit (32766) when deleting activity log entries, causing a query to fail with “too many SQL variables.” As a result, processed activity entries a...

8.3CVSS5.8AI score0.00475EPSS
CVE
CVE
added 2026/01/19 7:17 p.m.14 views

CVE-2025-69199

CVE-2025-69199 affects the Wings websocket endpoints in Pterodactyl. Prior to version 1.12.0, websockets lacked rate limiting and message-size controls, enabling a attacker to open many connections and flood data, risking network saturation and elevated CPU/memory load. Remedies: upgrade to Wings...

8.3CVSS5.5AI score0.00251EPSS