Auth bypass in Namelessmc Nameless
CVE-2026-33398
NamelessMC is website software for Minecraft servers. In version 2.2.4, `modules/Forum/pages/forum/get_quotes.php` only checks whether the caller is logged in, then reads a post by attacker-controlled `post` ID and returns its content. The…
EPSS: 0.000 (11.8th percentile) — read the EPSS interpretation.
Affected products
- Namelessmc Nameless — versions = 2.2.4
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)