Path Traversal in Litematica via Servux Protocol

Path Traversal в Litematica через протокол Servux

A malicious Minecraft server can write arbitrary files to a client's filesystem - leading to remote code execution - by exploiting unvalidated FileName fields in Litematica's NBT-based network protocol.

Discovered by: 数字 & Nightwane Writeup and PoC by: AliensToEarth Target: Litematica + Servux (Fabric) Severity: Critical

Technical Analysis

The Vulnerability

Litematica's Servux protocol uses a custom plugin channel (servux:litematics) to transfer litematic schematics from server to client. The protocol transmits NBT-compound messages over Netty with a FileName field that specifies where on the client's filesystem the received data should be written.

The flaw: the FileName value is never sanitized. By supplying ../../mods/payload.jar, an attacker can traverse out of the intended .minecraft/litematics/ directory and write a file anywhere the Minecraft client process can write - most critically into the mods/ folder.

Protocol Walkthrough

The exploit uses three NBT messages sent over the servux:litematics channel. The server wraps each message in a compound with type=11 (the NBT response type the client expects for litematic transfers):

TransmitStart
{
  "Task": "Litematic-TransmitStart",
  "SliceKey": <random_long>,
  "FileName": "../../mods/poc.litematic.jar",
  "FileType": "litematic",
  "TotalSlices": 1,
  "TotalSize": <payload_size>
}
TransmitData
{
  "Task": "Litematic-TransmitData",
  "SliceKey": <same_key>,
  "Slice": 0,
  "Size": <payload_size>,
  "Data": <raw_jar_bytes>
}
TransmitEnd
{
  "Task": "Litematic-TransmitEnd",
  "SliceKey": <same_key>,
  "TotalSize": <payload_size>,
  "TotalSlices": 1
}

Wire Format

Each message is wrapped in a type-length-value structure before being sent over the Fabric networking API:

[VarInt total_length]
  [VarInt NBT_RESPONSE_DATA_TYPE (11)]
    [VarInt nbt_length]
    [NBT Compound]

The receiving Litematica client reads the type discriminator (11), dispatches to its NBT handler, which parses the compound and - upon seeing TransmitStart - creates a file output stream at the path constructed from FileName without any path traversal checks.

Attack Flow

  1. Join server - the exploit mod (running on the server) hooks ServerPlayConnectionEvents.JOIN and waits 3 seconds (60 ticks).
  2. Send Start - a TransmitStart packet is sent with FileName = "../../mods/malicious.jar".
  3. Send Data - after a 2-tick delay, the raw bytes of a malicious Fabric mod are transmitted as the Data field.
  4. Send End - after another 2 ticks, a TransmitEnd finalizes the transfer. The client closes the file handle.
  5. RCE - the malicious .jar now resides in the victim's mods/ folder. On the next restart, arbitrary code executes in the Minecraft client process.

Impact

Arbitrary File Write

Lets an attacker drop a malicious mod jar into the client's mods/ folder. On next game restart the code executes in the client process - full remote code execution, no additional steps needed.

Stealth

The file transfer happens over the legitimate servux:litematics plugin channel. The victim sees nothing more than a brief Litematica popup saying the received file is in the wrong format - a few seconds of visual noise that most players will ignore or forget immediately.

Affected Versions

Litematica All versions using Servux protocol with NBT-based litematic transfer. Path traversal in FileName field.
Servux The networking layer does not validate incoming FileName values before passing them to the file writer.
Fix Committed in 728116fb - the vulnerable FileName field is removed from transmit packets. The entire file-slicing transmission path (sliceForServux, sendTransmitFile) is deprecated and disabled. All users should update to 0.28.3-sakura.3 or later.

Timeline

2026-07-05

Vulnerability Reported & Fixed

Members of Autism Inc and DupersUnited - 数字 and Nightwane - independently discover the Litematica RCE after investigating a member compromise. They report it to Sakura Ryoko, who commits a fix (728116fb) the same evening. No public announcement is made at this time.

Sakura Ryoko's commit removes the FileName field from transmit packets entirely; the file-slicing machinery behind the path traversal (sliceForServux, sendTransmitFile) is deprecated and disabled. The commit is pushed without any public announcement.

2026-07-06, 19:51

Autism Inc Publishes Warning

Autism Inc posts a public warning detailing the RCE, how a "bad actor" in the duping community had been exploiting it to deploy RATs, and that the vulnerability was independently found by 数字 and Nightwane after investigating an incident where a member was compromised. The post links the exploit to the same individual behind a prior Meteor RCE campaign.

2026-07-06

Silent Commit Discovered

I, upon hearing rumors of the exploit, began investigating. I noticed the silent fix commit in Litematica's repository. After reverse engineering the fix and tracing it back to the vulnerable code path, I independently developed a working proof-of-concept exploit - a Fabric server-side mod that sends crafted NBT payloads to write arbitrary files via the path traversal.

2026-07-06, 23:30

Developer Announces Fix

Sakura Ryoko (Litematica developer) posts a public @everyone announcement in the official MasaModding Discord server. Confirms that the vulnerability was brought to their attention by unfair.advantage (@528586172558082059) and shinxiolio (@1416317364865335357) from Autism Inc and DupersUnited. Details the affected version range (MC 1.21+, introduced in 1.21.5-0.22.2-sakura.4 on 19 May 2025, backported to several branches on 31 Dec 2025) and lists all fixed releases.

This Writeup

This writeup is not by the original discoverers. I (AliensToEarth) was not involved in the early finding or reporting the vulnerability. I became aware of the RCE through community chatter and decided to investigate the source code myself. While doing so, I noticed the developer had pushed a fix commit without any public announcement. I reverse engineered the vulnerability from the diff, developed this PoC independently, and am publishing this technical breakdown for the transparency.

The original vulnerability was found and responsibly disclosed by 数字 and Nightwane from Autism Inc / DupersUnited, who coordinated with the developer to get it patched. The public @everyone announcement was made by Sakura Ryoko on 2026-07-06 at 23:30 UTC+4.

The proof-of-concept code for this writeup is available in the PoC repository.