Auth bypass in Namelessmc Nameless

CVE-2026-40571

NamelessMC is website software for Minecraft servers. In version 2.2.4, `core/classes/Misc/ProfilePostReactionContext.php` only verifies that the wall post exists and does not enforce blocked/private-profile visibility. This means that aut…

Vulnerability class: Broken Access Control

EPSS: 0.000 (11.8th percentile) — read the EPSS interpretation.