CVE-2026-24794

Name of the Vulnerable Software and Affected Versions CardboardPowered cardboard versions prior to 1.21.4

Description A flaw exists in CardboardPowered cardboard related to improper restriction of operations within the bounds of a memory buffer. This issue is located in the WorldImpl.Java file within the org/cardboardpowered/impl/world modules. The vulnerability is present in the chunk unloading code and can lead to a denial-of-service condition. Exploitation does not require authentication and can occur remotely via network access.

Recommendations Update CardboardPowered cardboard to version 1.21.4 or later.