CVE-2026-45289
Deferred Deferred - Pending Action
Authentication Token Validation Flaw in CloudburstMC Protocol

Publication date: 2026-06-02

Last updated on: 2026-06-04

Assigner: GitHub, Inc.

Description
CloudburstMC Protocol is a protocol library for Minecraft Bedrock Edition. Prior to version 3.0.0.Beta12-20260420.182526-15, CloudburstMC Protocol is partially missing validation for FULL type authentication tokens (Cloudburst/Protocol). This vulnerability impacts publicly accessible software depending on the affected versions of Protocol, specifically the EncryptionUtils methods to validate auth payloads for FULL type tokens. This issue has been patched in version 3.0.0.Beta12-20260420.182526-15.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-02
Last Modified
2026-06-04
Generated
2026-06-23
AI Q&A
2026-06-03
EPSS Evaluated
2026-06-21
NVD
CVE-2026-45289
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
cloudburstmc protocol to 3.0.0.Beta12-20260420.182526-15 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability exists in the CloudburstMC Protocol library used for Minecraft Bedrock Edition. Before version 3.0.0.Beta12-20260420.182526-15, the protocol partially lacks proper validation for FULL type authentication tokens. Specifically, the EncryptionUtils methods that validate authentication payloads for these FULL type tokens do not fully validate them, which can lead to security issues.

Impact Analysis

This vulnerability can impact publicly accessible software that depends on the affected versions of the CloudburstMC Protocol. Because the validation of FULL type authentication tokens is incomplete, an attacker might exploit this to bypass certain authentication checks, potentially leading to unauthorized actions or access within the affected software.

Mitigation Strategies

To mitigate this vulnerability, you should update the CloudburstMC Protocol library to version 3.0.0.Beta12-20260420.182526-15 or later, where the issue has been patched.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45289. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart