CNNVD-202601-4971 Information

CNNVD ID

CNNVD-202601-4971

Related CVE

CVE-2026-0963

• CNNVD Published: 2026-01-30

Description (Chinese)

Crafty Controller是Arcadia的一个 Minecraft 服务器控制面板/启动器。 Crafty Controller存在路径遍历漏洞，该漏洞源于File Operations API Endpoint组件存在输入中和漏洞，可能导致经过身份验证的远程攻击者通过路径遍历进行文件篡改和远程代码执行。

Description (English)

Crafty Contractor is a Minecraft server control panel/starter in Arcadia. There is a loophole in the path of Crafty Contractor, which stems from the input and gap in the File Operations API Endpoint component, which may lead to document manipulation and remote code execution by a remote attacker who has been identified through the path.

Hazard Level

Low

Vulnerability Type

路径遍历

Affected Vendor

Arcadia

Published

2026-01-30

Last Modified

2026-02-24

References

https://gitlab.com/crafty-controller/crafty-4/-/issues/660 https://access.redhat.com/security/cve/cve-2026-0963