CVE-2026-35443EPSS p14.2%

CVE-2026-35443CVE-2026-35443

Description

NamelessMC is website software for Minecraft servers. In version 2.2.4, `modules/Forum/classes/ForumPostReactionContext.php` only verifies that the caller can view the forum, but it does not re-enforce topic-level `view_other_topics` authorization. As a result, in forums where users may enter the forum but may only view their own topics, reactions can still be read and modified on other users' topics. Version 2.2.5 fixes the issue.

Scoring

EPSS0.24% probability of exploitation · percentile 14.2% · 2026-06-19T12:03:05Z
Last modified2026-06-02

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-35447
CVE
CVE-2026-40314
CVE
CVE-2026-40571
CVE
CVE-2026-33398
CVE
CVE-2026-34460
CVE
CVE-2026-32250
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.