CVE-2026-42188: Geyser Minecraft Bridge SSRF Vulnerability

CVE-2026-42188 Overview

CVE-2026-42188 is a server-side request forgery (SSRF) vulnerability in Geyser, an open-source bridge between Minecraft: Bedrock Edition and Minecraft: Java Edition. The flaw exists in versions prior to 2.9.3 and resides in how Geyser handles Bedrock player head texture data. An authenticated Bedrock client can supply a crafted Base64-encoded skin texture URL through the /give command, causing the Minecraft server to issue arbitrary HTTP GET requests to attacker-controlled or internal endpoints. The vulnerability is classified under CWE-918 and was fixed in Geyser 2.9.3.

Critical Impact

An attacker with privileged access to the /give command can force the Geyser-enabled Minecraft server to send outbound HTTP requests to internal infrastructure, enabling reconnaissance of otherwise inaccessible network resources.

Affected Products

• Geyser versions prior to 2.9.3
• Minecraft servers running Geyser as a Bedrock-to-Java bridge
• Deployments accepting Bedrock client connections through Geyser

Discovery Timeline

• 2026-05-11 - CVE-2026-42188 published to NVD
• 2026-05-13 - Last updated in NVD database

Technical Details for CVE-2026-42188

Vulnerability Analysis

Geyser translates protocol differences between Minecraft: Bedrock Edition clients and Minecraft: Java Edition servers. Part of that translation includes handling player skin texture data, which Java Edition represents as Base64-encoded JSON containing a texture URL. When a Bedrock client uses the /give command to issue a player head item, Geyser decodes the embedded Base64 payload and processes the referenced texture URL server-side. Geyser then performs an HTTP GET request against that URL without validating its destination. An attacker can therefore craft a payload pointing to internal services, cloud metadata endpoints, or external attacker infrastructure. The request originates from the server process, granting access to network locations a remote client could not normally reach.

Root Cause

The root cause is missing URL validation in Geyser's Bedrock player head texture processing path. The handler accepts any URL embedded in the Base64-encoded skin data and dispatches an outbound HTTP GET without enforcing an allowlist of trusted texture hosts or blocking internal address ranges. This is a classic SSRF pattern documented as CWE-918.

Attack Vector

Exploitation requires a Bedrock client connection and high privileges, specifically the ability to invoke the /give command, which typically requires operator status. The attacker constructs a player head item payload containing a Base64-encoded JSON object whose textures.SKIN.url field points at an internal or attacker-controlled HTTP endpoint. When Geyser processes the item, it issues the GET request from the server. User interaction is required because the crafted item must be triggered through the command path. The vulnerability discloses limited information through response timing, error messages, and observable side effects on attacker-controlled endpoints.

No public proof-of-concept code is available. Refer to the GitHub Security Advisory GHSA-xcfg-fcr5-gw9r for the maintainer's technical description.

Detection Methods for CVE-2026-42188

Indicators of Compromise

• Unexpected outbound HTTP GET requests from the Geyser/Minecraft server process to internal IP ranges such as 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, or to cloud metadata addresses like 169.254.169.254.
• HTTP requests from the server with a Java HTTP client User-Agent targeting non-texture hosts.
• Audit log entries showing /give commands issuing player head items with abnormally large or unusual NBT texture payloads.

Detection Strategies

• Inspect server access logs and outbound proxy logs for requests originating from the Minecraft server JVM to hosts outside the expected Mojang or texture CDN domains.
• Decode and inspect NBT data on player head items granted via /give to identify Base64-encoded texture URLs referencing private or non-standard hosts.
• Correlate Geyser version inventory against the fixed release of 2.9.3 to identify exposed instances.

Monitoring Recommendations

• Route Geyser outbound traffic through a forwarding proxy and alert on connections to RFC1918 ranges and link-local addresses.
• Monitor for repeated /give command usage with minecraft:player_head items containing custom texture data.
• Enable detailed network telemetry on the host running Geyser and ingest it into a SIEM for behavioral analysis.

How to Mitigate CVE-2026-42188

Immediate Actions Required

• Upgrade Geyser to version 2.9.3 or later, which contains the official fix for the SSRF flaw.
• Restrict operator-level permissions and the /give command to trusted accounts only.
• Place the Minecraft server in a network segment that cannot reach internal management interfaces or cloud metadata services.

Patch Information

The Geyser maintainers fixed CVE-2026-42188 in release 2.9.3. The patch adds URL validation to the Bedrock skin texture handling path. See the GitHub Security Advisory GHSA-xcfg-fcr5-gw9r for release notes and commit references.

Workarounds

• Block outbound HTTP and HTTPS traffic from the Minecraft server to internal subnets and cloud metadata endpoints at the firewall level.
• Disable or tightly restrict the /give command for Bedrock clients until the upgrade is applied.
• Run the Geyser process under a network namespace or container with egress filtering enforced.

# Example iptables egress restriction for the Geyser server host
iptables -A OUTPUT -m owner --uid-owner minecraft -d 169.254.169.254 -j DROP
iptables -A OUTPUT -m owner --uid-owner minecraft -d 10.0.0.0/8 -j DROP
iptables -A OUTPUT -m owner --uid-owner minecraft -d 172.16.0.0/12 -j DROP
iptables -A OUTPUT -m owner --uid-owner minecraft -d 192.168.0.0/16 -j DROP