Pterodactyl Panel
12 CVEs affecting Pterodactyl Panel. Latest disclosed: 2026-06-02. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-49132 | Critical | 10.0 | 2025-06-20 | Pterodactyl is a free, open-source game server management panel. Prior to version 1.11.11, using the /locales/locale.json with the locale and namespace query p… |
CVE-2021-41129 | High | 8.1 | 2021-10-06 | Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. A malicious user can modify the contents of a `confirmation_token`… |
CVE-2025-69197 | Medium | 6.5 | 2026-01-06 | Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below allow TOTP to be used multiple times during its validity window. Us… |
CVE-2024-34067 | Medium | 6.1 | 2024-05-03 | Pterodactyl is a free, open-source game server management panel built with PHP, React, and Go. Importing a malicious egg or gaining access to wings instance co… |
CVE-2024-49762 | Medium | 4.6 | 2024-10-24 | Pterodactyl is a free, open-source game server management panel. When a user disables two-factor authentication via the Panel, a `DELETE` request with their cu… |
CVE-2021-41273 | Medium | 4.3 | 2021-11-17 | Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. Due to improperly configured CSRF protections on two routes, a mali… |
CVE-2021-41176 | Medium | 4.3 | 2021-10-25 | Pterodactyl is an open-source game server management panel built with PHP 7, React, and Go. In affected versions of Pterodactyl a malicious user can trigger a… |
CVE-2026-35202 | | 2026-06-02 | Pterodactyl is a free, open-source game server management panel. Prior to version 1.12.3, the Pterodactyl Client API has a logic flaw that lets users bypass th… | |
CVE-2026-26016 | | 2026-02-19 | Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.1, a missing authorization check in… | |
CVE-2025-69199 | | 2026-01-19 | Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.12.0, websockets within wings lack prop… | |
CVE-2025-69198 | | 2026-01-19 | Pterodactyl is a free, open-source game server management panel. Pterodactyl implements rate limits that are applied to the total number of resources (e.g. dat… | |
CVE-2025-68954 | | 2026-01-06 | Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below do not revoke active SFTP connections when a user is removed from a… |