Description
Improper Control of Generation of Code ('Code Injection') vulnerability in pilgrimage233 Minecraft-Rcon-Manage. This issue affects Minecraft-Rcon-Manage: before 3.0.
Published: 2026-01-27
Score: 10 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a code injection flaw (CWE‑94) that allows an attacker to execute arbitrary code within the Minecraft‑Rcon‑Manage application. This flaw arises from improper validation of user‑supplied input that is passed to the code generation component, enabling an attacker to inject malicious code and take control of the host system.

Affected Systems

Affected systems include the pilgrimage233 Minecraft‑Rcon‑Manage application, specifically versions preceding 3.0. Any deployment running these earlier versions is susceptible until an update is applied.

Risk and Exploitability

The CVSS score of 10 indicates a critical impact with full exploitation possible. However, the EPSS score is below 1%, suggesting that the likelihood of exploitation in the wild is currently very low. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is the RCON management interface, but the exact mechanism is not explicitly stated; it is inferred that an unauthenticated or authenticated attacker with RCON access could supply malicious code.

Generated by OpenCVE AI on April 18, 2026 at 14:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to Minecraft‑Rcon‑Manage version 3.0 or later to remove the code injection flaw.
  • Restrict RCON access to trusted IP addresses or networks to limit exposure.
  • Ensure the application runs with the least privileged user account and monitor logs for unexpected command execution.

Advisories

No advisories yet.

History

Wed, 28 Jan 2026 12:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Pilgrimage233, Pilgrimage233 minecraft-rcon-manage |
| Vendors & Products | | Pilgrimage233, Pilgrimage233 minecraft-rcon-manage |

Tue, 27 Jan 2026 22:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |

Tue, 27 Jan 2026 16:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Improper Control of Generation of Code ('Code Injection') vulnerability in pilgrimage233 Minecraft-Rcon-Manage. This issue affects Minecraft-Rcon-Manage: before 3.0. |
| Title | | Code injection in Minecraft-Rcon-Manage |
| Weaknesses | | CWE-94 |
| References | | |
| Metrics | | cvssV4_0: {'score': 10, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H'} |

MITRE

Status: PUBLISHED

Assigner: GovTech CSG

Published:

Updated: 2026-01-27T21:34:59.144Z

Reserved: 2026-01-27T15:46:29.599Z

Link: CVE-2026-24871

Vulnrichment

Updated: 2026-01-27T21:06:48.427Z

NVD

Status: Deferred

Published: 2026-01-27T16:16:36.507

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-24871

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T15:00:03Z

Weaknesses