Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Pterodactyl — Vulnerabilities & Security Advisories 20

Browse all 20 CVE security advisories affecting Pterodactyl. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by Pterodactyl:panelwingsPterodactyl Panel
CVE IDTitleCVSSSeverityPublished
CVE-2026-26016 Pterodactyl Panel Allows Cross-Node Server Configuration Disclosure via Remote API Missing Authorization — panelCWE-639 8.1 -2026-02-19
CVE-2026-21696 Endless reprocessing/reupload of activity log data due to SQLite max parameters limit not being considered — wingsCWE-400 7.1AIHighAI2026-01-19
CVE-2025-69199 Pterodactyl Wings's websocket endpoints have no visible rate limits or monitoring, allowing for DOS attacks under certain circumstances — panelCWE-400 7.5AIHighAI2026-01-19
CVE-2025-69198 Pterodactyl's improper resource locking allows raced queries to create more resources than alloted — panelCWE-400 6.5AIMediumAI2026-01-19
CVE-2025-69197 Pterodactyl TOTPs can be reused during validity window — panelCWE-287 6.5 Medium2026-01-06
CVE-2025-68954 Pterodactyl does not revoke SFTP access when server is deleted or permissions reduced — panelCWE-613 6.5 -2026-01-06
CVE-2025-49132 Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution — panelCWE-94 10.0 Critical2025-06-20
CVE-2024-49762 Pterodactyl Panel has plain-text logging of user passwords when two-factor authentication is disabled — panelCWE-313 4.6 Medium2024-10-24
CVE-2024-34066 Arbitrary File Write/Read in Pterodactyl wings — wingsCWE-552 8.5 High2024-05-03
CVE-2024-34067 Multiple cross site scripting (XSS) vulnerabilities in the admin area of Pterodactyl panel — panelCWE-79 6.1 Medium2024-05-03
CVE-2024-34068 Server-side Request Forgery during remote file pull in Pterodactyl wings — wingsCWE-284 6.4 Medium2024-05-03
CVE-2024-27102 Improper isolation of server file access in github.com/pterodactyl/wings — wingsCWE-22 10.0 Critical2024-03-13
CVE-2023-32080 Wings vulnerable to escape to host from installation container — wingsCWE-250 9.1 Critical2023-05-10
CVE-2023-25168 Symbolic Link (Symlink) Following allowing the deletion of files and directories on the host system in wings — wingsCWE-59 9.6 Critical2023-02-08
CVE-2023-25152 Symbolic Link (Symlink) Following in github.com/pterodactyl/wings — wingsCWE-59 8.4 High2023-02-08
CVE-2021-41273 Cross-Site Request Forgery allowing sending of test emails and generation of node auto-deployment keys — panelCWE-352 4.3 Medium2021-11-17
CVE-2021-41176 logout CSRF in Pterodactyl Panel — panelCWE-352 4.3 Medium2021-10-25
CVE-2021-41129 Authentication bypass in Pterodactyl — panelCWE-502 8.1 High2021-10-06
CVE-2021-32699 Asymmetric Resource Consumption (Amplification) in Docker containers created by Wings — wingsCWE-400 6.5 Medium2021-06-22
CVE-2019-1020002 Pterodactyl 信息泄露漏洞 — Pterodactyl Panel 7.5 -2019-07-29

This page lists every published CVE security advisory associated with Pterodactyl. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.