Security Advisories - pterodactyl/panel - Packagist

pterodactyl/panel Security Advisories for v1.11.0-rc.2 (3)

[CRITICAL] Pterodactyl Panel Allows Unauthenticated Arbitrary Remote Code Execution

PKSA-7fcd-gcsm-y5fk CVE-2025-49132 GHSA-24wv-6c99-f843

Affected version: <=1.11.10

Reported by:
GitHub
[MEDIUM] Pterodactyl Panel has plain-text logging of user passwords when two-factor authentication is disabled

PKSA-r7r5-9g2g-bhnx CVE-2024-49762 GHSA-c479-wq8g-57hr

Affected version: <1.11.8

Reported by:
GitHub
[MEDIUM] Pterodactyl panel's admin area vulnerable to Cross-site Scripting

PKSA-w7w4-x3d5-y8hz CVE-2024-34067 GHSA-384w-wffr-x63q

Affected version: <1.11.6

Reported by:
GitHub