Resource exhaustion in Pterodactyl Panel
CVE-2026-35202
Pterodactyl is a free, open-source game server management panel. Prior to version 1.12.3, the Pterodactyl Client API has a logic flaw that lets users bypass their assigned limits for database allocations. This happens because the database…
Vulnerability class: TOCTOU (Time-of-Check to Time-of-Use)
EPSS: 0.000 (11.6th percentile)
Affected products
- Pterodactyl Panel — versions < 1.12.3
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)