MEDIUM
XianYuLauncher
CVE published 2026-06-17
CVE-2026-48991
The XianYuLauncher, a Minecraft Java Edition launcher, had a vulnerability in versions prior to 1.5.5. This issue allowed sensitive authentication artifacts to be exposed during a user-initiated login under specific local attack conditions. The vulnerability was caused by a fixed localhost redirect URI without PKCE or state validation. The exploitation of this vulnerability is most likely to occur when an [truncated]