[MALWARE WARNING] RCE Vulnerability on some modded servers - Bleeding Pipe

For a full summary, please see this blogpost from the Minecraft Malware Prevention Alliance: https://blog.mmpa.info/posts/bleeding-pipe/

On July 29th, 2023, the Minecraft Malware Prevention Alliance (MMPA) released a blogpost detailing the exploitation of some mods on 1.7.10, 1.12.2, and possibly other versions of Forge servers. Malicious actors took advantage of vulnerabilities in how they deserialized data, allowing them to have Remote Code Execution (RCE) on both clients and servers. It is currently unknown what exactly was done, but it can be assumed a malicious payload was being sent to affected devices; there are no known methods to detect if this happened to you.

Table of Contents:

What can I do?

Following the MMPA's guidance:


Pipeblocker is a mod created by the MMPA that can protect against all mods affected by this vulnerability. It can be used on any server or client on Forge 1.7.2-1.12.2.


Player can manually check folders such as .minecraft for suspicious files. Tools such as jSus and jNeedle can also be used to scan folders automatically.

Server Administrators

If you use the mods listed below, it is recommended to update them to the latest version available. For BDLib specifically, the GT New Horizions fork is recommended.

Affected mods






We would like to thank the MMPA for the detailed blogpost explaining the situation and the release of Pipeblocker. If you are interested, you can join their Discord server here: https://discord.gg/5NvpmUttDP.

unascribed also did great work in collecting a larger lists of affected mods, which you can find here.