CVE-2026-35447
Wall Post Injection in NamelessMC 2.2.4
Publication date: 2026-06-02
Last updated on: 2026-06-02
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| namelessmc | namelessmc | to 2.2.5 (exc) |
| namelessmc | namelessmc | 2.2.5 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-201 | The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-35447 is a security vulnerability in NamelessMC version 2.2.4 and earlier that allows users with the profile.post permission to bypass privacy restrictions on profile pages.
The vulnerability occurs because the software processes wall post submissions and replies before verifying if the viewer is authorized to access the profile. This means that any user with the profile.post capability can write posts to private or blocked profiles.
Additionally, the reply functionality does not verify that the target wall post belongs to the current profile, allowing attackers to inject replies into arbitrary wall posts owned by other profiles by using a restricted profile URL.
This issue has been fixed in version 2.2.5 by adding proper authorization checks before processing posts or replies and ensuring replies target the correct profile.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing unauthorized users with low privileges to post content on private or blocked profiles without permission.
Attackers can inject unwanted or malicious content into profiles that are supposed to be private or restricted, potentially leading to privacy violations or misuse of the profile's wall.
Because replies can be injected into arbitrary wall posts of other profiles, attackers might manipulate conversations or post misleading information under another user's profile.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring POST requests to the profile page endpoints, specifically targeting wall post submissions and replies on NamelessMC version 2.2.4 or earlier.
Look for POST requests to modules/Core/pages/profile.php that include parameters for creating wall posts or replies without proper authorization checks.
Commands to detect potential exploitation attempts might include using network traffic inspection tools like tcpdump or Wireshark to filter HTTP POST requests to the profile page URL.
- tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'POST /modules/Core/pages/profile.php'
- Use web server logs to search for POST requests to profile.php with suspicious parameters indicating wall post or reply submissions by low-privileged users.
Additionally, review application logs for any unauthorized wall post creations or replies on private or blocked profiles.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade NamelessMC to version 2.2.5 or later, where this vulnerability has been patched.
If upgrading is not immediately possible, restrict the profile.post permission to trusted users only, as the vulnerability requires a user with this permission.
Additionally, consider temporarily disabling wall post and reply functionalities or restricting access to profile pages until the patch can be applied.
Review and implement authorization checks before processing any wall post submissions or replies to ensure users can only interact with profiles they are authorized to access.