CNNVD-202601-1117 Information
CNNVD ID
CNNVD-202601-1117
Related CVE
- CNNVD Published: 2026-01-06
Description (Chinese)
Pterodactyl是一款使用PHP、Nodejs和Go构建的开源游戏服务器管理面板。 Pterodactyl 1.11.11及之前版本存在代码问题漏洞,该漏洞源于当用户从服务器实例中移除或其SFTP文件访问权限更改时,未撤销活动的SFTP连接,可能导致用户在被撤销权限后仍能访问文件。
Description (English)
Pterodactyl is an open-source game server that uses PHP, Nodejs and Go to manage the panel. There is a code problem loophole in Pterodactyl 1.11.11 and earlier versions, which results from the undeacted SFTP connection of the active SFTP when the user removes the server example or changes its SFTP file access rights, which may result in the user still having access to the document after it has been revoked.
Hazard Level
High
Vulnerability Type
代码问题
Affected Vendor
个人开发者
Published
2026-01-06
Last Modified
2026-02-24
References
https://github.com/pterodactyl/panel/commit/2bd9d8baddb0e0606e4a9d5be402f48678ac88d5 https://github.com/pterodactyl/panel/releases/tag/v1.12.0 https://github.com/pterodactyl/panel/security/advisories/GHSA-8c39-xppg-479c
Patch
https://github.com/pterodactyl/panel/releases
Share on: