Description
CloudburstMC Protocol is a protocol library for Minecraft Bedrock Edition. Prior to version 3.0.0.Beta12-20260420.182526-15, CloudburstMC Protocol is partially missing validation for FULL type authentication tokens (Cloudburst/Protocol). This vulnerability impacts publicly accessible software depending on the affected versions of Protocol, specifically the EncryptionUtils methods to validate auth payloads for FULL type tokens. This issue has been patched in version 3.0.0.Beta12-20260420.182526-15.
Published: 2026-06-02
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows an attacker to bypass authentication checks for FULL type tokens in the CloudburstMC Protocol library. The missing validation in EncryptionUtils can be exploited to generate or replay tokens that the library accepts as valid, potentially granting unauthorized access or manipulating session state. The flaw is identified as CWE-287 and does not directly affect confidentiality or integrity, but enables privilege escalation or unauthorized operations within systems that rely on the protocol for authentication.

Affected Systems

Affected installations use the CloudburstMC Protocol library before version 3.0.0.Beta12-20260420.182526-15. Publicly accessible applications and services built for Minecraft Bedrock Edition that incorporate this library are potentially impacted.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity. No EPSS score is available and the vulnerability is not listed in CISA KEV, suggesting limited widespread exploitation. The likely attack vector is remote, via network traffic that includes crafted FULL type authentication tokens. An attacker needs to supply a valid token format but does not require privileged execution. Successful exploitation permits bypassing authentication safeguards in the protocol library.

Generated by OpenCVE AI on June 3, 2026 at 04:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade CloudburstMC Protocol library to version 3.0.0.Beta12-20260420.182526-15 or later
  • Rebuild and redeploy all dependent applications and services using the patched library
  • Verify authentication flows to reject invalid FULL type tokens



Advisories

No advisories yet.

History

Wed, 03 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 03 Jun 2026 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Cloudburstmc
Cloudburstmc protocol
Vendors & Products Cloudburstmc
Cloudburstmc protocol

Wed, 03 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
Description CloudburstMC Protocol is a protocol library for Minecraft Bedrock Edition. Prior to version 3.0.0.Beta12-20260420.182526-15, CloudburstMC Protocol is partially missing validation for FULL type authentication tokens (Cloudburst/Protocol). This vulnerability impacts publicly accessible software depending on the affected versions of Protocol, specifically the EncryptionUtils methods to validate auth payloads for FULL type tokens. This issue has been patched in version 3.0.0.Beta12-20260420.182526-15.
Title CloudburstMC Protocol: Partially missing validation for FULL type authentication tokens
Weaknesses CWE-287
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-03T13:34:19.045Z

Reserved: 2026-05-11T20:14:43.201Z

Link: CVE-2026-45289

Vulnrichment

Updated: 2026-06-03T13:34:15.927Z

NVD

Status: Received

Published: 2026-06-02T21:16:27.803

Modified: 2026-06-02T21:16:27.803

Link: CVE-2026-45289

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-03T10:54:44Z

Weaknesses