NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-35202

Summary	Pterodactyl is a free, open-source game server management panel. Prior to version 1.12.3, the Pterodactyl Client API has a logic flaw that lets users bypass their assigned limits for database allocations. This happens because the database locking mechanism used in the controllers is totally broken and doesn't actually lock anything. Version 1.12.3 patches the issue.
Publication Date	June 3, 2026, 5:16 a.m.
Registration Date	June 4, 2026, 4:15 a.m.
Last Update	June 3, 2026, 5:16 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/pterodactyl/panel/security/advisories/GHSA-fgmm-w5cx-vrfw	security-advisories@github.com

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-367	Time-of-check Time-of-use (TOCTOU) 競合状態	https://cwe.mitre.org/data/definitions/367.html
2	CWE-770	制限またはスロットリング無しのリソースの割り当て	https://cwe.mitre.org/data/definitions/770.html