Description

Reviactyl is an open-source game server management panel built using Laravel, React, FilamentPHP, Vite, and Go. From version 26.2.0-beta.1 to before version 26.2.0-beta.5, a vulnerability in the OAuth authentication flow allowed automatic linking of social accounts based solely on matching email addresses. An attacker could create or control a social account (e.g., Google, GitHub, Discord) using a victim’s email address and gain full access to the victim's account without knowing their password. This results in a full account takeover with no prior authentication required. This issue has been patched in version 26.2.0-beta.5.

INFO

Published Date :

2026-04-01T20:00:55.743Z

Last Modified :

2026-04-02T14:17:01.180Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-34456 vulnerability.

Vendors Products
Reviactyl
  • Panel
  • Reviactyl
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-34456.

URL Resource
https://github.com/reviactyl/panel/commit/fe0c29fc62fefe354c9ab8936dfe30fdb586a896 cve-icon cve-icon
https://github.com/reviactyl/panel/releases/tag/v26.2.0-beta.5 cve-icon cve-icon
https://github.com/reviactyl/panel/security/advisories/GHSA-8mcf-rp68-xhfg cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact