Minecraft Bedrock Dedicated Server
Monthly
Remote code execution in Minecraft Bedrock Dedicated Server allows an unauthenticated network attacker to corrupt heap memory and run arbitrary code via a specially crafted packet, per CVSS:3.1/AV:N/AC:L/PR:N/UI:N (9.8 Critical). The flaw (CWE-122 heap-based buffer overflow) was reported by Microsoft, which has released a fix; there is no public exploit identified at time of analysis and no EPSS or CISA KEV data was supplied, so exploitation remains theoretical but the pre-auth, low-complexity profile makes it high-priority to patch.
Remote code execution in Minecraft Bedrock Dedicated Server allows an unauthenticated network attacker to corrupt heap memory and run arbitrary code via a specially crafted packet, per CVSS:3.1/AV:N/AC:L/PR:N/UI:N (9.8 Critical). The flaw (CWE-122 heap-based buffer overflow) was reported by Microsoft, which has released a fix; there is no public exploit identified at time of analysis and no EPSS or CISA KEV data was supplied, so exploitation remains theoretical but the pre-auth, low-complexity profile makes it high-priority to patch.