AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2023-30859: Triton is a Minecraft plugin for Spigot and BungeeCord that helps you translate your Minecraft server. The CustomPayload

highvulnerability

security

Source: NVD/CVE DatabaseMay 1, 2023CVE-2023-30859

Summary

Triton is a Minecraft plugin that translates server messages, but it has a vulnerability in its bungee mode (a feature for connecting multiple servers). When bungee mode is enabled, attackers can send a special packet through the 'triton:main' plugin channel to run any command on the server console, potentially making themselves administrators, stealing player information, or changing server settings.

Solution / Mitigation

This issue has been fixed in version 3.8.4.

Vulnerability Details

CVSS Score

7.2(high)

EPSS (30-day exploit probability)

EPSS: 0.4%

Classification

Attack SophisticationModerate

Taxonomy References

CWE (Weakness Type)

CWE-419

Original source: https://nvd.nist.gov/vuln/detail/CVE-2023-30859

First tracked: February 15, 2026 at 08:45 PM

Classified by LLM (prompt v3) · confidence: 95%