What is CVE-2026-34456?

CVE-2026-34456 is a critical-severity vulnerability in Reviactyl Panel, classified under Improper Access Control. CVSS score: 9.1/10. Published 2026-04-01.

How severe is CVE-2026-34456?

Critical severity. CVSS v3 base score is 9.1 out of 10.

Vulnerability in Reviactyl Panel

CVE-2026-34456

Reviactyl is an open-source game server management panel built using Laravel, React, FilamentPHP, Vite, and Go. From version 26.2.0-beta.1 to before version 26.2.0-beta.5, a vulnerability in the OAuth authentication flow allowed automatic…

EPSS: 0.000 (10.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N.

Affected products

Reviactyl Panel — versions >= 26.2.0-beta.1, < 26.2.0-beta.5

Weakness classification (CWE)

CWE-284 — Improper Access Control

References

https://github.com/reviactyl/panel/security/advisories/GHSA-8mcf-rp68-xhfg (x_refsource_CONFIRM)
https://github.com/reviactyl/panel/commit/fe0c29fc62fefe354c9ab8936dfe30fdb586a896 (x_refsource_MISC)
https://github.com/reviactyl/panel/releases/tag/v26.2.0-beta.5 (x_refsource_MISC)

Frequently asked questions

What is CVE-2026-34456?: CVE-2026-34456 is a critical-severity vulnerability in Reviactyl Panel, classified under Improper Access Control. CVSS score: 9.1/10. Published 2026-04-01.
How severe is CVE-2026-34456?: Critical severity. CVSS v3 base score is 9.1 out of 10.