Pterodactyl Security Vulnerabilities (CVEs)
Track 9 security vulnerabilities affecting Pterodactyl products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
CVE-2026-26016 is an authorization bypass vulnerability in Pterodactyl Panel's Wings control plane that allows any authenticated Wings node to access ...
Feb 19, 2026This vulnerability allows low-privileged users to trigger a database flood in Pterodactyl Panel by exploiting Wings' failure to respect SQLite's param...
Jan 19, 2026This vulnerability allows attackers to perform denial-of-service attacks against Pterodactyl Wings servers by exploiting missing rate limiting and mes...
Jan 19, 2026This CVE describes a race condition vulnerability in Pterodactyl Panel where concurrent requests can bypass resource limits. Malicious users can creat...
Jan 19, 2026This vulnerability in Pterodactyl allows users who were actively connected via SFTP to retain file access even after their permissions are revoked. It...
Jan 6, 2026This vulnerability in Pterodactyl allows attackers to reuse intercepted TOTP 2FA tokens within their 60-second validity window. Users with 2FA enabled...
Jan 6, 2026This vulnerability in Pterodactyl Panel allows cross-site scripting (XSS) attacks when administrators import malicious eggs or access compromised wing...
May 3, 2024This vulnerability in Pterodactyl Wings allows authenticated attackers with server access to read files outside their allocated sandbox directory, pot...
Mar 13, 2024This vulnerability in Pterodactyl Wings allows attackers with existing server access to create arbitrary files and directories on the host system. Thi...
Feb 8, 2023Why Monitor Pterodactyl Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 9+ known vulnerabilities affecting Pterodactyl products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Pterodactyl packages in under 60 seconds. No agents required - completely agentless scanning that works across Pterodactyl deployments.
Free vulnerability database: Access detailed information about every Pterodactyl CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Pterodactyl CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions
