VDB
GO-2026-4329
GO-2026-4329
PUBLISHED
CVSS 9.300000190734863 CRITICAL
Pterodactyl endlessly reprocesses/reuploads activity log data due to SQLite max parameters limit not being considered in github.com/pterodactyl/wings
Risk Scores
CVSS v4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| github.com | pterodactyl/wings | 1.7.0, 1.7.0 |
Timeline
- Feb 3, 2026 CVE Published
- Mar 3, 2026 CVE Updated
- May 1, 2026 Security Advisory
References
- https://github.com/pterodactyl/wings/security/advisories/GHSA-2497-gp99-2m74 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-21696 advisory
- https://github.com/pterodactyl/panel/commit/09caa0d4995bd924b53b9a9e9b4883ac27bd5607 url
- https://github.com/pterodactyl/panel/releases/tag/v1.12.0 url
- https://github.com/pterodactyl/wings/blob/9ffbcdcdb1163da823cf9959b9602df9f7dcb54a/internal/cron/activity_cron.go#L81 url
- https://github.com/pterodactyl/wings/blob/9ffbcdcdb1163da823cf9959b9602df9f7dcb54a/internal/cron/sftp_cron.go#L86 url