CVE-2026-40571
NamelessMC: Reactions on private or blocking profile posts can be modified without proper authorization
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
NamelessMC is website software for Minecraft servers. In version 2.2.4, `core/classes/Misc/ProfilePostReactionContext.php` only verifies that the wall post exists and does not enforce blocked/private-profile visibility. This means that authenticated low-privileged users can add reactions to private or blocking profile posts. Version 2.2.5 contains a patch.
| CWE | CWE-862 |
| Vendor | namelessmc |
| Product | nameless |
| Published | Jun 2, 2026 |
| Last Updated | Jun 3, 2026 |
Stay Ahead of the Next One
Get instant alerts for namelessmc nameless
Be the first to know when new unknown vulnerabilities affecting namelessmc nameless are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
NamelessMC / Nameless
= 2.2.4