Back to search
CVE-2026-35202
Published: Jun 2, 2026
Modified: Jun 3, 2026
PUBLISHED
Description
Pterodactyl is a free, open-source game server management panel. Prior to version 1.12.3, the Pterodactyl Client API has a logic flaw that lets users bypass their assigned limits for database allocations. This happens because the database locking mechanism used in the controllers is totally broken and doesn't actually lock anything. Version 1.12.3 patches the issue.
| Vendor | Product | Versions |
|---|---|---|
pterodactyl | panel | affected < 1.12.3 |
References
https://github.com/pterodactyl/panel/security/advisories/GHSA-fgmm-w5cx-vrfw
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now