Pterodactyl Wings Websocket Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in Pterodactyl Wings versions prior to 1.12.0. Websockets lack proper rate limiting and throttling, so a malicious user can open numerous connections and request data through these sockets. This generates excessive network traffic and overloads the host system's memory and CPU. In addition, there are no limits on the size of messages sent or received, so thousands of websocket connections can be used to transmit large volumes of information, further straining the host network and increasing resource consumption within Wings.

Impact

Exploitation of this vulnerability can lead to a significant denial-of-service condition, causing high resource usage on the host system and disrupting normal operations.

Remediation

Users can upgrade to Pterodactyl Wings version 1.12.0 or later to address this vulnerability.
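
The three controls whose absence the advisory describes (a cap on concurrent sockets per user, a cap on message size, and a per-socket message rate limit) can be sketched in Go as follows. This is an added example, not the Wings 1.12.0 patch or any Wings code; the type and function names and the limit values are assumptions chosen for illustration.

```go
package main

import (
	"fmt"
	"math"
	"sync"
	"time"
)

const maxConns, maxBytes = 3, 32768 // assumed caps, not Wings values: sockets per user, message bytes
const burst, perSec = 5.0, 2.0      // assumed token bucket: capacity, refill per second

type Guard struct {
	mu    sync.Mutex
	conns map[string]int // open sockets per user
}
type Conn struct {
	tokens float64   // messages this socket may send right now
	last   time.Time // when tokens was last refilled
}

// Open admits a socket unless the user is at the cap; Close frees the slot.
func (g *Guard) Open(user string, now time.Time) (*Conn, error) {
	g.mu.Lock()
	defer g.mu.Unlock()
	if g.conns[user] >= maxConns {
		return nil, fmt.Errorf("%s already has %d sockets open", user, maxConns)
	}
	g.conns[user]++
	return &Conn{tokens: burst, last: now}, nil
}
func (g *Guard) Close(user string) { g.mu.Lock(); g.conns[user]--; g.mu.Unlock() }

// Check rejects oversized messages, then spends one token per message.
func (c *Conn) Check(msg []byte, now time.Time) error {
	if len(msg) > maxBytes {
		return fmt.Errorf("message of %d bytes exceeds %d", len(msg), maxBytes)
	}
	c.tokens, c.last = math.Min(burst, c.tokens+now.Sub(c.last).Seconds()*perSec), now
	if c.tokens < 1 {
		return fmt.Errorf("more than %.0f messages per second", perSec)
	}
	c.tokens--
	return nil
}

func main() {
	c, _ := (&Guard{conns: map[string]int{}}).Open("alice", time.Now())
	fmt.Println(c.Check(make([]byte, maxBytes+1), time.Now()))
}
```

Checking len(msg) once the message is in memory is the simplest form of the size cap; WebSocket libraries that offer a read limit, such as gorilla/websocket's Conn.SetReadLimit, let the server refuse an oversized message before buffering it.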

Added: Jan 19, 2026, 8:27 PM
Updated: Jan 19, 2026, 8:27 PM

Vulnerability Rating

Custom Algorithm
spread: 0.3
impact: 2.5
exploitability: 4.9
remediation: 7.7
relevance: 2.2
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.