CloudburstMC Protocol: Partially missing validation for FULL type authentication tokens

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Description

CloudburstMC Protocol is a protocol library for Minecraft Bedrock Edition. Prior to version 3.0.0.Beta12-20260420.182526-15, CloudburstMC Protocol is partially missing validation for FULL type authentication tokens (Cloudburst/Protocol). This vulnerability impacts publicly accessible software depending on the affected versions of Protocol, specifically the EncryptionUtils methods to validate auth payloads for FULL type tokens. This issue has been patched in version 3.0.0.Beta12-20260420.182526-15.

Basic Information

ID CVE-2026-45289

Source GitHub_M

Published Jun 2, 2026 at 20:36

Affected Product

Vendor CloudburstMC

Product Protocol

Version < 3.0.0.Beta12-20260420.182526-15

Affected Versions CloudburstMC Protocol < 3.0.0.Beta12-20260420.182526-15

CWE Classification

CWE-287

References

github.com /CloudburstMC/Protocol/security/advisories/GHSA-g2fr-c75x-4hf9

{
    "lastseen": "",
    "description": "CloudburstMC Protocol is a protocol library for Minecraft Bedrock Edition. Prior to version 3.0.0.Beta12-20260420.182526-15, CloudburstMC Protocol is partially missing validation for FULL type authentication tokens (Cloudburst/Protocol). This vulnerability impacts publicly accessible software depending on the affected versions of Protocol, specifically the EncryptionUtils methods to validate auth payloads for FULL type tokens. This issue has been patched in version 3.0.0.Beta12-20260420.182526-15.",
    "published": "2026-06-02T20:36:02.436Z",
    "modified": "2026-06-02T20:36:02.436Z",
    "type": "cve",
    "title": "CloudburstMC Protocol: Partially missing validation for FULL type authentication tokens",
    "source": "GitHub_M",
    "references": "https://github.com/CloudburstMC/Protocol/security/advisories/GHSA-g2fr-c75x-4hf9",
    "id": "CVE-2026-45289",
    "bulletinFamily": "",
    "cwe": [
        "CWE-287"
    ],
    "cvelist": null,
    "sourceData": "CloudburstMC Protocol < 3.0.0.Beta12-20260420.182526-15",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Protocol",
    "version": "< 3.0.0.Beta12-20260420.182526-15",
    "vendor": "CloudburstMC",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

CloudburstMC Protocol: Partially missing validation for FULL type authentication tokens_CVE-2026-45289