← back to blog

how i found a minimessage escape exploit

(2 min read)

on 31/12/25, i was qa testing on new minecraft server, and i found into one of those bugs that looks tiny until you realize how bad it can get.

one of the chat plugins was trying to strip minimessage tags, and then send the result back into chat.

sounds fine, right? except the stripping was pretty bad. it basically did one or 2 passes and called it a day which meant you could escape the sanitization and end up with real minimessage tags still being shown to users.

and once you can inject minimessage tags into the chat you can inject the stuff that tags can do.

what it allowed

  • clickable messages that trigger actions when someone clicks them
  • and the nasty one: if a staff/admin clicks it, the click action runs with their permissions like /op

that last bit is where the "force op" comes in.

it's not some "i can op myself from chat" bs. it's a chat message that tricks an admin into clicking something that executes a command as them type thing

if your staff are the type to click "Click here to verify" in chat or even those "[Steve's Inventory]" type messages that servers have, you can probably guess how this went.

how it works (the minimessage escape)

the core problem is that a bunch of chat plugins don't actually sanitize minimessage properly.

the common broken pattern looks like:

  1. take input
  2. strip tags once or twice
  3. send whatever's left

but minimessage parsing + stripping is tricky. if your sanitizer only strips the first valid looking tag, you can construct input where:

  • the first part is a tag that gets stripped
  • the remaining text still contains a valid tag sequence
  • that second tag sequence is what actually gets sent

simple example:

  • normal message: <red>message
  • sanitizer strips it to message

but with an escape technique, you can make something that results in the sanitizer removing one "layer", and leaving behind another layer that's still parseable.

the reason this happens is basically the plugin thinks it "removed minimessage" because it saw a tag and removed it once. but it didn’t actually convert the input to plain text safely.

and once you can keep tags alive post-sanitize, you can move from harmless colors to interactive tags (click events).

why this is a big deal

a lot of servers let players/staff click stuff in chat:

  • "click to teleport back"
  • "click to accept rules"
  • "click to link your discord"
  • "[Steve's Enderchest]"

so if you can inject your own clickable components into chat, you can blend in with "normal server plugin logic" and make people click.

and if the click action is something that triggers commands, you’ve basically turned chat into a forceop trap.

timeline

  • 31/12/25 - found and tested during qa testing
  • 01/01/26 - tested again on BattlePie to confirm it wasn’t a one-off
  • 14/03/26 — it got leaked, and other people tried to take credit for it

why i’m posting this now

i reported it when i found it to the minecraft server i was qa testing for.

i’m posting now because:

  1. this type of bug keeps reappearing (because people keep "sanitizing" minimessage in the dumbest ways possible)
  2. after i tested it elsewhere, a group i used to be around ("the method") saw it, and later it got posted in a big discord ("autism inc", ~45k members) with the owners of the group claiming it as theirs. i’m not here to start an argument - i just want the record to exist.