Auth bypass in Namelessmc Nameless

CVE-2026-35443

NamelessMC is website software for Minecraft servers. In version 2.2.4, `modules/Forum/classes/ForumPostReactionContext.php` only verifies that the caller can view the forum, but it does not re-enforce topic-level `view_other_topics` autho…

Vulnerability class: Broken Access Control

EPSS: 0.000 (11.8th percentile) — read the EPSS interpretation.

Affected products

Namelessmc Nameless — versions = 2.2.4

Weakness classification (CWE)

CWE-862 — Missing Authorization

References

security-advisories@github.com (x_refsource_CONFIRM)