CVE-2026-45289 - Vulnerability Details

CloudburstMC Protocol is a protocol library for Minecraft Bedrock Edition. Prior to version 3.0.0.Beta12-20260420.182526-15, CloudburstMC Protocol is partially missing validation for FULL type authentication tokens (Cloudburst/Protocol). This vulnerability impacts publicly accessible software depending on the affected versions of Protocol, specifically the EncryptionUtils methods to validate auth payloads for FULL type tokens. This issue has been patched in version 3.0.0.Beta12-20260420.182526-15.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Cloudburstmc	Protocol

No data.

References

Link	Providers
https://github.com/CloudburstMC/Protocol/security/advisories/GHSA-g2fr-c75x-4hf9

History

Wed, 03 Jun 2026 14:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 03 Jun 2026 12:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Cloudburstmc Cloudburstmc protocol
Vendors & Products		Cloudburstmc Cloudburstmc protocol

Wed, 03 Jun 2026 02:30:00 +0000

Type	Values Removed	Values Added
Description		CloudburstMC Protocol is a protocol library for Minecraft Bedrock Edition. Prior to version 3.0.0.Beta12-20260420.182526-15, CloudburstMC Protocol is partially missing validation for FULL type authentication tokens (Cloudburst/Protocol). This vulnerability impacts publicly accessible software depending on the affected versions of Protocol, specifically the EncryptionUtils methods to validate auth payloads for FULL type tokens. This issue has been patched in version 3.0.0.Beta12-20260420.182526-15.
Title		CloudburstMC Protocol: Partially missing validation for FULL type authentication tokens
Weaknesses		CWE-287
References		https://github.com/CloudburstMC/Protocol/security/advisories/GHSA-g2fr-c75x-4hf9
Metrics		cvssV3_1 `{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-06-02T20:36:02.436Z

Updated: 2026-06-03T13:34:19.045Z

Reserved: 2026-05-11T20:14:43.201Z

Link: CVE-2026-45289

Vulnrichment

Updated: 2026-06-03T13:34:15.927Z

NVD

Status : Received

Published: 2026-06-02T21:16:27.803

Modified: 2026-06-02T21:16:27.803

Link: CVE-2026-45289

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object