Information Exposure Affecting pterodactyl/panel package, versions <1.12.3


Severity

Recommended
0.0
medium
0
10

CVSS assessment by Snyk's Security Team. Learn more

Threat Intelligence

Exploit Maturity
Proof of Concept

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-PHP-PTERODACTYLPANEL-17660508
  • published27 Jun 2026
  • disclosed26 Jun 2026
  • creditUnknown

Introduced: 26 Jun 2026

New CVE NOT AVAILABLE CWE-204  (opens in a new tab)

How to fix?

Upgrade pterodactyl/panel to version 1.12.3 or higher.

Overview

pterodactyl/panel is a game management panel.

Affected versions of this package are vulnerable to Information Exposure via the email update process. An attacker can determine whether specific email addresses are registered by sending repeated requests and observing the system's responses. This is only exploitable if the attacker has a valid authenticated account.

References

CVSS Base Scores

version 4.0
version 3.1