CVE-2026-35443
NamelessMC: Forum reactions bypass the "view own topics only" restriction
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
NamelessMC is website software for Minecraft servers. In version 2.2.4, `modules/Forum/classes/ForumPostReactionContext.php` only verifies that the caller can view the forum, but it does not re-enforce topic-level `view_other_topics` authorization. As a result, in forums where users may enter the forum but may only view their own topics, reactions can still be read and modified on other users' topics. Version 2.2.5 fixes the issue.
| CWE | CWE-862 |
| Vendor | namelessmc |
| Product | nameless |
| Published | Jun 2, 2026 |
| Last Updated | Jun 2, 2026 |
Stay Ahead of the Next One
Get instant alerts for namelessmc nameless
Be the first to know when new unknown vulnerabilities affecting namelessmc nameless are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
NamelessMC / Nameless
= 2.2.4