CNNVD-202601-4970 Information

CNNVD ID

CNNVD-202601-4970

Related CVE

CVE-2026-0805

• CNNVD Published: 2026-01-30

Description (Chinese)

Crafty Controller是Arcadia的一个 Minecraft 服务器控制面板/启动器。 Crafty Controller存在路径遍历漏洞，该漏洞源于Backup Configuration组件存在输入中和漏洞，可能导致经过身份验证的远程攻击者通过路径遍历进行文件篡改和远程代码执行。

Description (English)

Crafty Contractor is a Minecraft server control panel/starter in Arcadia. Crafty Controller has a loophole in the path, which stems from the input and loophole of the Backup Construction component, which may lead to document manipulation and remote code execution by a remote attacker who has been identified through the path.

Hazard Level

Medium

Vulnerability Type

路径遍历

Affected Vendor

Arcadia

Published

2026-01-30

Last Modified

2026-02-24

References

https://gitlab.com/crafty-controller/crafty-4/-/issues/650 https://access.redhat.com/security/cve/cve-2026-0805