GHSA-rhq6-9rgh-v45c: Pterodactyl Wings: Chmod operation can be used to change permissions of files outside of the server container
A vulnerability in Pterodactyl Wings allows changing file permissions outside the server container by exploiting symlinks. The function responsible for changing file permissions does not prevent following symlinks, enabling modification of host files' permissions. This affects versions from 1.11.9 up to but not including 1.12.2.
AI Analysis
Technical Summary
The flaw is in the chmod path of Wings' filesystem layer (file wings/internal/ufs/fs_unix.go). The code calls the Unix `fchmodat` function without the `AT_SYMLINK_NOFOLLOW` flag and without first checking whether the target is a symbolic link, so the mode change is applied to whatever the link resolves to rather than to the link itself. A user who can manage files within their own server can therefore create a symlink inside the server's data directory that points at a host path and then request a chmod on it; Wings performs the permission change on the host file, with the privileges of the Wings daemon. The symlink check is the missing control: the chmod request never has to name a path outside the container, so path-prefix validation alone does not catch it.
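The following Go program is an added illustration of the pattern described above and of one way to close it; it is not Wings' own code and the layout it builds (a temp directory holding a "host" file beside a server root, with a symlink planted inside the root) is constructed for the demo. `ChmodFollowingSymlinks` reproduces the vulnerable behaviour with a plain chmod on the joined path. `ChmodNoFollow` is a hypothetical hardened replacement that walks the requested path from a descriptor on the server root one component at a time with `openat(2)` and `O_NOFOLLOW`, then applies `fchmod(2)` to the leaf descriptor, so a symlink at any component is refused atomically and there is no lstat-then-chmod race. It uses `openat`/`fchmod` rather than `fchmodat` with `AT_SYMLINK_NOFOLLOW` because the Linux `fchmodat(2)` syscall has no flags argument; the flag is only honoured via `fchmodat2(2)` on Linux 6.6 and later or by libc emulation. The example assumes Linux.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
	"syscall"
)

// ChmodFollowingSymlinks mirrors the vulnerable pattern: join the user-supplied
// path to the server root and chmod it. os.Chmod, like fchmodat without
// AT_SYMLINK_NOFOLLOW, dereferences symlinks, so a link planted inside the root
// that points at a host file changes the host file's permission bits.
func ChmodFollowingSymlinks(root, rel string, mode os.FileMode) error {
	return os.Chmod(filepath.Join(root, rel), mode)
}

// ChmodNoFollow (hypothetical hardened variant) applies mode to rel under root
// without following any symlink: open root, walk rel component by component with
// openat(2)+O_NOFOLLOW (O_DIRECTORY for non-leaf components), then fchmod(2) the
// leaf descriptor. A symlink at any component makes openat fail with ELOOP.
// Absolute paths, ".." and the root itself are rejected; only permission bits
// are applied. Linux-specific (package syscall Openat and O_* constants).
func ChmodNoFollow(root, rel string, mode os.FileMode) error {
	if filepath.IsAbs(rel) {
		return fmt.Errorf("absolute path not allowed: %q", rel)
	}
	clean := filepath.Clean(rel)
	if clean == "." {
		return fmt.Errorf("empty path: refusing to chmod the root itself")
	}
	parts := strings.Split(clean, string(filepath.Separator))
	fd, err := syscall.Open(root, syscall.O_RDONLY|syscall.O_DIRECTORY|syscall.O_CLOEXEC, 0)
	if err != nil {
		return fmt.Errorf("open root %q: %w", root, err)
	}
	for i, p := range parts {
		if p == ".." {
			syscall.Close(fd)
			return fmt.Errorf("path escapes root: %q", rel)
		}
		flags := syscall.O_RDONLY | syscall.O_NOFOLLOW | syscall.O_CLOEXEC
		if i < len(parts)-1 {
			flags |= syscall.O_DIRECTORY // intermediate components must be real directories
		}
		next, err := syscall.Openat(fd, p, flags, 0)
		syscall.Close(fd) // parent descriptor is no longer needed either way
		if err != nil {
			if err == syscall.ELOOP {
				return fmt.Errorf("refusing to follow symlink at component %q of %q", p, rel)
			}
			return fmt.Errorf("open %q: %w", p, err)
		}
		fd = next
	}
	defer syscall.Close(fd)
	// Caveat: O_RDONLY needs read permission on the leaf. For owned-but-unreadable
	// files use O_PATH plus chmod via /proc/self/fd/N, or fchmodat2(2) on 6.6+.
	return syscall.Fchmod(fd, uint32(mode.Perm()))
}

// DemoResult records the "host" file's permission bits after each variant.
type DemoResult struct {
	AfterVulnerable os.FileMode // expected 0666: the host file was changed through the link
	AfterHardened   os.FileMode // expected 0600: untouched
	HardenedErr     error       // expected non-nil: the symlink was refused
}

// Demo builds the constructed layout: a host file outside the server root at
// mode 0600 and a symlink "link" inside the root pointing at it, then runs both
// chmod variants against the in-root path "link".
func Demo() (DemoResult, error) {
	var res DemoResult
	base, err := os.MkdirTemp("", "wings-chmod-demo")
	if err != nil {
		return res, err
	}
	defer os.RemoveAll(base)
	host := filepath.Join(base, "host-secret.txt") // stands in for a file outside the container
	root := filepath.Join(base, "server-root")
	if err := os.Mkdir(root, 0o755); err != nil {
		return res, err
	}
	if err := os.WriteFile(host, []byte("constructed sample\n"), 0o600); err != nil {
		return res, err
	}
	if err := os.Symlink(host, filepath.Join(root, "link")); err != nil {
		return res, err
	}
	if err := ChmodFollowingSymlinks(root, "link", 0o666); err != nil {
		return res, err
	}
	st, err := os.Stat(host)
	if err != nil {
		return res, err
	}
	res.AfterVulnerable = st.Mode().Perm()
	if err := os.Chmod(host, 0o600); err != nil { // reset before the hardened attempt
		return res, err
	}
	res.HardenedErr = ChmodNoFollow(root, "link", 0o666)
	if st, err = os.Stat(host); err != nil {
		return res, err
	}
	res.AfterHardened = st.Mode().Perm()
	return res, nil
}

func main() {
	res, err := Demo()
	if err != nil {
		fmt.Println("demo failed:", err)
		os.Exit(1)
	}
	fmt.Printf("host file after symlink-following chmod: %#o\n", res.AfterVulnerable)
	fmt.Printf("host file after symlink-refusing chmod:  %#o (error: %v)\n", res.AfterHardened, res.HardenedErr)
}
```

Running it shows the host file flipping to 0666 under the symlink-following variant and staying at 0600 under the hardened one, which returns an ELOOP-derived refusal. The component-wise walk also covers the case the advisory text does not spell out, a symlinked directory in the middle of the path, since every non-leaf component is opened with `O_NOFOLLOW|O_DIRECTORY`.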
Potential Impact
An attacker with only file-management rights inside a server container can alter the permission bits of files on the host by pointing a symlink at them. The direct effect is an integrity violation of host file permissions rather than disclosure or denial of service; however, loosening the mode of a sensitive host file (for example making it world-readable or world-writable) is a well-understood stepping stone to further compromise, and the change is carried out with the privileges of the Wings daemon, not those of the requesting user.
Mitigation Recommendations
The affected range stated above ends at 1.12.2, which indicates that release carries the fix: upgrade Wings to 1.12.2 or later and confirm the fixed version against the GitHub advisory. Where an upgrade must wait, limit file-management access on Wings to trusted users, and monitor server data directories for symlinks whose targets resolve outside the directory together with chmod operations on such paths. Avoid running Wings with more privilege than the deployment needs, since the permission change is performed with the daemon's privileges and that bounds the impact.
Technical Details
- Gcve Source: db.gcve.eu
- Osv Id: GHSA-rhq6-9rgh-v45c
- Osv Schema Version: 1.4.0
- Aliases: []
- Ecosystems: ["Go"]
- Database Specific Severity: MODERATE
- Cvss Version: 3.1
Threat ID: 6a3ef76827e9c79719fee7a7
Added to database: 06/26/2026, 22:04:24 UTC
Last enriched: 06/26/2026, 22:07:14 UTC
Last updated: 06/27/2026, 01:33:13 UTC