By weakness (CWE)
CWE-302: related vulnerabilities
CVEs classified under CWE-302. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
1 published vulnerability
- CVE-2026-34460MEDIUM 5.4
NamelessMC, a website platform for Minecraft servers, contains a vulnerability in how it handles OAuth authentication callbacks. When a user logs in via OAuth (a third-party authentication method), the application fails to verify a security token called a 'state parameter' before accepting the login. An attacker can exploit this by crafting a malicious link that tricks a victim into logging in with the attacker's own account credentials. Once clicked, the victim's session becomes authenticated as the attacker, potentially granting unauthorized access to the victim's account on that NamelessMC instance. The vulnerability affects NamelessMC versions 2.2.4 and earlier.