Pterodactyl
cpe:2.3:a:pterodactyl:panel:*:*:*:*:*:*:*
- < 1.12.3
A logic flaw in the Pterodactyl Client API prior to version 1.12.3 allows users to bypass assigned limits for database allocations. The database locking mechanism in the controllers is broken and fails to properly lock database operations. As a result, multiple simultaneous requests can create more databases than permitted, potentially disrupting the web interface.
This vulnerability allows users to exceed their allocated database limits, which could lead to resource management issues and interfere with the normal functioning of the web interface.
Users can upgrade to Pterodactyl version 1.12.3 or later to address this vulnerability.
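The check-then-insert race described above, modelled in memory as an added example. This is not Pterodactyl's code: `create_database`, `run`, the limit and the request count are constructed for illustration. It shows why the lock has to span both the count and the insert.

```python
import threading

LIMIT = 2      # constructed per-server database limit
REQUESTS = 5   # constructed number of simultaneous create requests


def create_database(rows, lock, name, gap):
    """Check the limit, then insert. lock=None models the broken locking."""
    def check_then_insert():
        count = len(rows)        # step 1: read current usage
        gap()                    # time passes; other requests can run here
        if count >= LIMIT:
            return False
        rows.append(name)        # step 2: write the new row
        return True

    if lock is None:
        return check_then_insert()   # check and insert are not atomic
    with lock:                       # lock spans both steps
        return check_then_insert()


def run(use_lock):
    """Send REQUESTS concurrent creates; return the resulting row count."""
    rows = []
    lock = threading.Lock() if use_lock else None
    barrier = threading.Barrier(REQUESTS)

    def gap():
        # Hold each request after its check until all have checked. Under
        # the lock the others cannot arrive, so the wait times out instead.
        try:
            barrier.wait(timeout=0.5)
        except threading.BrokenBarrierError:
            pass

    threads = [threading.Thread(target=create_database,
                                args=(rows, lock, f"db{i}", gap))
               for i in range(REQUESTS)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return len(rows)


if __name__ == "__main__":
    print("without lock:", run(False), "databases; limit is", LIMIT)
    print("with lock:   ", run(True), "databases; limit is", LIMIT)
```

In a database-backed application the same property comes from holding one lock or transaction across both the count and the insert.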