
pterodactyl — Vulnerabilities & Security Advisories 20

Browse all 20 CVE security advisories affecting pterodactyl. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Pterodactyl is an open-source game server management panel designed to facilitate the deployment and administration of multiplayer game instances. Its architecture allows users to manage multiple servers through a web interface, making it a popular choice for hosting providers and community groups. Security audits have identified approximately twenty Common Vulnerabilities and Exposures (CVEs) associated with the platform, primarily stemming from its complex integration with underlying system services. Historically, the most prevalent vulnerability classes include Remote Code Execution (RCE) and Cross-Site Scripting (XSS), often resulting from insufficient input validation in API endpoints or template rendering processes. Privilege escalation flaws have also been documented, allowing lower-privileged users to gain administrative control. These issues typically arise from outdated dependencies or misconfigured permissions within the daemon processes. While no single catastrophic breach has defined its public history, the accumulation of CVEs highlights the importance of rigorous patch management and strict access controls for organizations deploying this software in production environments.

Top products by pterodactyl: panel, wings, Pterodactyl Panel
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-26016 | Pterodactyl Panel Allows Cross-Node Server Configuration Disclosure via Remote API Missing Authorization | panel | CWE-639 | 8.1 | - | 2026-02-19 |
| CVE-2026-21696 | Endless reprocessing/reupload of activity log data due to SQLite max parameters limit not being considered | wings | CWE-400 | 7.1 (AI) | High (AI) | 2026-01-19 |
| CVE-2025-69199 | Pterodactyl Wings's websocket endpoints have no visible rate limits or monitoring, allowing for DOS attacks under certain circumstances | panel | CWE-400 | 7.5 (AI) | High (AI) | 2026-01-19 |
| CVE-2025-69198 | Pterodactyl's improper resource locking allows raced queries to create more resources than alloted | panel | CWE-400 | 6.5 (AI) | Medium (AI) | 2026-01-19 |
| CVE-2025-69197 | Pterodactyl TOTPs can be reused during validity window | panel | CWE-287 | 6.5 | Medium | 2026-01-06 |
| CVE-2025-68954 | Pterodactyl does not revoke SFTP access when server is deleted or permissions reduced | panel | CWE-613 | 6.5 | - | 2026-01-06 |
| CVE-2025-49132 | Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution | panel | CWE-94 | 10.0 | Critical | 2025-06-20 |
| CVE-2024-49762 | Pterodactyl Panel has plain-text logging of user passwords when two-factor authentication is disabled | panel | CWE-313 | 4.6 | Medium | 2024-10-24 |
| CVE-2024-34066 | Arbitrary File Write/Read in Pterodactyl wings | wings | CWE-552 | 8.5 | High | 2024-05-03 |
| CVE-2024-34067 | Multiple cross site scripting (XSS) vulnerabilities in the admin area of Pterodactyl panel | panel | CWE-79 | 6.1 | Medium | 2024-05-03 |
| CVE-2024-34068 | Server-side Request Forgery during remote file pull in Pterodactyl wings | wings | CWE-284 | 6.4 | Medium | 2024-05-03 |
| CVE-2024-27102 | Improper isolation of server file access in github.com/pterodactyl/wings | wings | CWE-22 | 10.0 | Critical | 2024-03-13 |
| CVE-2023-32080 | Wings vulnerable to escape to host from installation container | wings | CWE-250 | 9.1 | Critical | 2023-05-10 |
| CVE-2023-25168 | Symbolic Link (Symlink) Following allowing the deletion of files and directories on the host system in wings | wings | CWE-59 | 9.6 | Critical | 2023-02-08 |
| CVE-2023-25152 | Symbolic Link (Symlink) Following in github.com/pterodactyl/wings | wings | CWE-59 | 8.4 | High | 2023-02-08 |
| CVE-2021-41273 | Cross-Site Request Forgery allowing sending of test emails and generation of node auto-deployment keys | panel | CWE-352 | 4.3 | Medium | 2021-11-17 |
| CVE-2021-41176 | logout CSRF in Pterodactyl Panel | panel | CWE-352 | 4.3 | Medium | 2021-10-25 |
| CVE-2021-41129 | Authentication bypass in Pterodactyl | panel | CWE-502 | 8.1 | High | 2021-10-06 |
| CVE-2021-32699 | Asymmetric Resource Consumption (Amplification) in Docker containers created by Wings | wings | CWE-400 | 6.5 | Medium | 2021-06-22 |
| CVE-2019-1020002 | Pterodactyl information disclosure vulnerability | Pterodactyl Panel | - | 7.5 | - | 2019-07-29 |

This page lists every published CVE security advisory associated with pterodactyl. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.