CVE-2026-35447
Status: Deferred - Pending Action
Wall Post Injection in NamelessMC 2.2.4

Publication date: 2026-06-02

Last updated on: 2026-06-02

Assigner: GitHub, Inc.

Description
NamelessMC is website software for Minecraft servers. In version 2.2.4, the profile page (modules/Core/pages/profile.php) processes wall post submissions and replies before verifying whether the viewer is authorized to access the profile. This allows any user with the profile.post permission to write wall posts to private or blocking profiles. Additionally, the reply branch does not verify that the target wall post belongs to the current profile, enabling attackers to inject replies into arbitrary wall posts owned by other profiles via a restricted profile URL. This is patched in version 2.2.5.
Meta Information
Published: 2026-06-02
Last Modified: 2026-06-02
Generated: 2026-06-22
AI Q&A: 2026-06-02
EPSS Evaluated: 2026-06-21
References: NVD, EUVD
Affected Vendors & Products
Showing 2 associated CPEs
Vendor       Product      Version / Range
namelessmc   namelessmc   < 2.2.5 (all versions before 2.2.5)
namelessmc   namelessmc   2.2.5
Note: the description states that 2.2.5 is the patched release, so the affected range is every version before 2.2.5; the 2.2.5 entry should be read as the fixed version, not as an additional affected one.
CWE ID Description
CWE-201 The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.
Note: the description records a missing authorization check before a state-changing action (writing wall posts and replies) rather than a disclosure; CWE-862 (Missing Authorization) describes that more directly. CWE-201 is the classification recorded for this entry.
Executive Summary

CVE-2026-35447 is a vulnerability in NamelessMC version 2.2.4 and earlier that allows any user holding the profile.post permission to bypass a profile's privacy setting and block list when writing to its wall.

The flaw is one of ordering: the profile page (modules/Core/pages/profile.php) processes wall post submissions and replies before it verifies that the viewer is authorized to access the profile. The write has therefore already happened by the time the privacy or block check runs, so a user with profile.post can post to a private profile or to the profile of a user who has blocked them.

Additionally, the reply branch does not verify that the target wall post belongs to the profile being viewed. An attacker can submit a reply through one profile's URL while naming a wall post that belongs to a different profile, injecting the reply into a conversation on a profile they are not allowed to access.

The issue is patched in version 2.2.5. The two corrections this requires are performing the profile authorization check before any post or reply is processed, and verifying that a reply's parent post belongs to the profile whose URL was requested.

Impact Analysis

The practical impact is that low-privileged users can post content on profiles that are private or that have blocked them, which the privacy controls are supposed to prevent.

Attackers can inject unwanted or malicious content into profiles that are supposed to be private or restricted, potentially leading to privacy violations or misuse of the profile's wall.

Because replies can be injected into arbitrary wall posts of other profiles, attackers might manipulate conversations or post misleading information under another user's profile.

Detection Guidance

This vulnerability leaves no distinctive signature on the wire: an exploit is an ordinary wall post or reply submission, and it differs from legitimate use only in who the poster is relative to the target profile. Detection therefore means correlating submissions with the target profile's privacy setting and block list on installations running 2.2.4 or earlier.

Note that modules/Core/pages/profile.php is the file in the source tree, not the request path. On a deployed site the profile page is reached through the router, typically at /profile/<username> (or /index.php?route=/profile/<username> when friendly URLs are disabled), so that is the path to look for in logs and captures, not the .php file.

Web-server access logs record the request line, status code and client address but not the POST body, so they can show who (by IP, or by username if your log format adds it) submitted something to which profile, not whether it was a post or a reply, and not whether the check was bypassed. Confirming abuse requires comparing the stored wall posts and replies against the profile owners' privacy settings and block lists.

Network capture only helps for plaintext HTTP; under TLS the request line is encrypted and you must rely on web-server or reverse-proxy logs. For plaintext traffic, the first command below captures TCP segments that carry a payload and filters them for profile submissions; the second does the equivalent against an access log.

  • tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'POST /profile/'
  • grep '"POST /profile/' access.log, then check the privacy status and block list of each target profile against the submitting account.

Additionally, audit the application database: list wall posts and replies whose author is blocked by, or not permitted to view, the profile that owns the post. For a reply, the relevant profile is the one that owns the parent post, since that is where an injected reply ends up regardless of which profile URL was used to submit it.
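The database audit described above, as an added example that is not part of this page or of the NamelessMC project. It builds an in-memory SQLite stand-in with constructed rows; the table and column names (users, blocked_users, wall_posts, wall_post_replies and their columns) and the visibility rule (owner always allowed, everyone else refused by a private flag or a block) are assumptions chosen for the example and must be mapped to the real schema, table prefix and permission model before the query is run against an installation.

```python
import sqlite3

# Constructed, in-memory stand-in for the tables involved. Names are assumptions
# for this example, not the project's real schema.
SCHEMA = """
CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL,
                    private_profile INTEGER NOT NULL DEFAULT 0);
CREATE TABLE blocked_users (user_id INTEGER NOT NULL, user_blocked INTEGER NOT NULL);
CREATE TABLE wall_posts (id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL,
                         author_id INTEGER NOT NULL, content TEXT NOT NULL);
CREATE TABLE wall_post_replies (id INTEGER PRIMARY KEY, post_id INTEGER NOT NULL,
                                author_id INTEGER NOT NULL, content TEXT NOT NULL);
"""

# Constructed sample rows: bob's profile is private, carol has blocked mallory.
SAMPLE_ROWS = {
    "users": [(1, "alice", 0), (2, "bob", 1), (3, "mallory", 0), (4, "carol", 0)],
    "blocked_users": [(4, 3)],
    "wall_posts": [
        (1, 1, 2, "bob on alice's public wall (legitimate)"),
        (2, 2, 3, "mallory on bob's private wall (exploit)"),
        (3, 4, 1, "alice on carol's wall (legitimate)"),
        (4, 4, 3, "mallory on carol's wall while blocked (exploit)"),
        (5, 2, 2, "bob on his own private wall (legitimate)"),
    ],
    "wall_post_replies": [
        (1, 1, 3, "mallory replies on alice's wall (legitimate)"),
        (2, 2, 2, "bob replies on his own wall (legitimate)"),
        (3, 3, 3, "mallory reply injected into a post on carol's wall (exploit)"),
    ],
}

# Every post, plus every reply mapped to the profile that owns its parent post,
# filtered to authors who are not the owner and were not allowed to view it.
AUDIT_SQL = """
WITH wall_content AS (
    SELECT 'post' AS kind, p.id AS id, p.author_id AS author_id, p.user_id AS profile_id
      FROM wall_posts p
    UNION ALL
    SELECT 'reply', r.id, r.author_id, p.user_id
      FROM wall_post_replies r JOIN wall_posts p ON p.id = r.post_id
)
SELECT c.kind, c.id, ua.username, up.username,
       CASE WHEN up.private_profile = 1 THEN 'private profile'
            ELSE 'author is blocked by profile owner' END AS reason
  FROM wall_content c
  JOIN users ua ON ua.id = c.author_id
  JOIN users up ON up.id = c.profile_id
 WHERE c.author_id != c.profile_id
   AND (up.private_profile = 1
        OR EXISTS (SELECT 1 FROM blocked_users b
                    WHERE b.user_id = c.profile_id AND b.user_blocked = c.author_id))
 ORDER BY c.kind, c.id
"""


def build_sample_db():
    """Create the in-memory database and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    for table, rows in SAMPLE_ROWS.items():
        placeholders = ",".join("?" * len(rows[0]))
        conn.executemany(f"INSERT INTO {table} VALUES ({placeholders})", rows)
    return conn


def find_unauthorized_wall_content(conn):
    """Return (kind, id, author, profile_owner, reason) for each suspect row."""
    return conn.execute(AUDIT_SQL).fetchall()


if __name__ == "__main__":
    for row in find_unauthorized_wall_content(build_sample_db()):
        print(row)
```

Run against a real installation, the query flags only rows that could not have been written through the intended path; anything it returns on a 2.2.4 site is worth reviewing, and rows dated after the upgrade to 2.2.5 would indicate a different problem. Staff accounts with a bypass permission will also appear, so filter those out with your own group data.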

Mitigation Strategies

The immediate mitigation step is to upgrade NamelessMC to version 2.2.5 or later, where this vulnerability has been patched.

If upgrading is not immediately possible, restrict the profile.post permission to trusted groups in the group permission settings. Exploitation requires an account that holds this permission, so removing it from the group that self-registered users land in closes the path for throwaway accounts.

Additionally, consider temporarily disabling wall post and reply functionality, or restricting access to profile pages to logged-in, trusted groups, until the patch can be applied. Treat this as a stopgap, since it also removes the feature for legitimate users.

If you maintain a fork or a custom module that handles profile submissions, apply the same principle as the fix: resolve and check the viewer's authorization for the profile before any state-changing branch runs, and for replies verify that the parent wall post belongs to the profile whose URL was requested, rejecting the request otherwise.
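The ordering principle above, shown as an added example that is not NamelessMC code: a hypothetical in-memory model with the vulnerable handler beside the corrected one, replaying both attacks from the description (a post to a private profile, and a reply submitted through a viewable profile's URL that names a post on a profile where the poster is blocked). The data classes, the visibility rule in can_view and the fixture in fresh_store are assumptions constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Profile:
    user_id: int
    private: bool = False
    blocked: set = field(default_factory=set)  # user ids this owner has blocked


@dataclass
class WallPost:
    id: int
    profile_id: int  # whose wall the post sits on
    author_id: int


@dataclass
class Reply:
    post_id: int
    author_id: int


@dataclass
class Store:
    profiles: dict
    posts: list = field(default_factory=list)
    replies: list = field(default_factory=list)

    def post_by_id(self, post_id):
        return next((p for p in self.posts if p.id == post_id), None)


@dataclass
class Submission:
    viewer_id: int
    profile_id: int  # profile whose URL the form was submitted to
    permissions: set
    reply_to: Optional[int] = None  # parent post id for a reply, else a new post


def can_view(profile, viewer_id):
    # Modelled rule (an assumption): owners always see their own profile; others
    # are refused by a private setting or by a block.
    return viewer_id == profile.user_id or (
        not profile.private and viewer_id not in profile.blocked)


def handle_submission_vulnerable(store, sub):
    """Vulnerable ordering: the write happens before the visibility check, and a
    reply is attached to whichever post id the client sent."""
    if "profile.post" not in sub.permissions:
        return "denied: profile.post missing"
    if sub.reply_to is not None:
        if store.post_by_id(sub.reply_to) is None:
            return "denied: no such post"
        store.replies.append(Reply(sub.reply_to, sub.viewer_id))  # no ownership check
    else:
        store.posts.append(WallPost(len(store.posts) + 1, sub.profile_id, sub.viewer_id))
    # Visibility is only checked when the page renders, after the write persisted.
    if not can_view(store.profiles[sub.profile_id], sub.viewer_id):
        return "written; profile view then refused"
    return "written"


def handle_submission_fixed(store, sub):
    """Corrected ordering: authorize the viewer for the profile first, then make
    sure a reply targets a post on that same profile, and only then write."""
    if not can_view(store.profiles[sub.profile_id], sub.viewer_id):
        return "denied: profile not viewable"
    if "profile.post" not in sub.permissions:
        return "denied: profile.post missing"
    if sub.reply_to is not None:
        parent = store.post_by_id(sub.reply_to)
        if parent is None or parent.profile_id != sub.profile_id:
            return "denied: reply target is not on this profile"
        store.replies.append(Reply(sub.reply_to, sub.viewer_id))
    else:
        store.posts.append(WallPost(len(store.posts) + 1, sub.profile_id, sub.viewer_id))
    return "written"


def fresh_store():
    # Constructed fixture: alice (1) public, bob (2) private, carol (4) has blocked
    # mallory (3); carol's wall already carries one post by alice.
    store = Store(profiles={1: Profile(1), 2: Profile(2, private=True),
                            3: Profile(3), 4: Profile(4, blocked={3})})
    store.posts.append(WallPost(1, 4, 1))
    return store


def run_attacks(handler):
    """Replay both attacks against a handler and report what persisted."""
    store = fresh_store()
    perms = {"profile.post"}
    post_result = handler(store, Submission(viewer_id=3, profile_id=2, permissions=perms))
    # Reply injection: mallory submits through alice's viewable profile URL but
    # names post 1, which lives on carol's wall where mallory is blocked.
    reply_result = handler(store, Submission(viewer_id=3, profile_id=1,
                                             permissions=perms, reply_to=1))
    return {"post_result": post_result, "reply_result": reply_result,
            "posts": len(store.posts), "replies": len(store.replies)}


if __name__ == "__main__":
    print("vulnerable:", run_attacks(handle_submission_vulnerable))
    print("fixed:     ", run_attacks(handle_submission_fixed))
```

The point the vulnerable handler makes is that a late check does not undo a write: the page may refuse to render afterwards, but the post is already stored. The fixed handler also ties the reply to the requested profile by comparing the parent post's owner with the URL's profile, which is what stops the cross-profile injection even when the submitting URL itself is viewable.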

Compliance Impact

This vulnerability allows unauthorized users to bypass privacy controls on profile pages and inject content into private or blocked profiles. Such unauthorized access and data manipulation could lead to violations of privacy and data protection principles found in regulations like GDPR and HIPAA, which require strict controls over personal data access and integrity.

Specifically, because authorization is not verified before a wall post or reply is processed, content can be written to profiles whose owners have restricted them, without those owners' consent. That loss of control over user-profile data can be treated as a failure of the access-control and integrity requirements in such standards.
