Browse all 20 CVE security advisories affecting Pterodactyl. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Pterodactyl is an open-source game server management panel designed to facilitate the deployment and administration of multiplayer game instances. Its architecture allows users to manage multiple servers through a web interface, making it a popular choice for hosting providers and community groups. Security audits have identified approximately twenty Common Vulnerabilities and Exposures (CVEs) associated with the platform, primarily stemming from its complex integration with underlying system services. Historically, the most prevalent vulnerability classes include Remote Code Execution (RCE) and Cross-Site Scripting (XSS), often resulting from insufficient input validation in API endpoints or template rendering processes. Privilege escalation flaws have also been documented, allowing lower-privileged users to gain administrative control. These issues typically arise from outdated dependencies or misconfigured permissions within the daemon processes. While no single catastrophic breach has defined its public history, the accumulation of CVEs highlights the importance of rigorous patch management and strict access controls for organizations deploying this software in production environments.
CVE-2025-691982026-01-20CVE-2025-691992026-01-20Showing up to 20 recent security advisories. View all →
This page lists every published CVE security advisory associated with Pterodactyl. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.