Missing permissions check on group public instance creation
complete
Slone Fallion
There exists a method in which anybody can launch group public instances for any group, even if they do not belong to that group. This was confirmed to be the case with the permission turned off for the "Everyone" role. This does not require any tooling, external programs, direct access to the API, or changes to the VRChat client. This includes groups that are closed and invite-only. The only exception to this is if the member is already banned from the group.
What does this actually mean for you?
- Malicious instances could be opened in opposition to a group's values. For example, a group supporting those who have PTSD from war would not want a group public instance opened in a warzone map.
- Groups that only open moderated instances by policy could have public unmoderated instances opened on their behalf without approval.
- Groups representing staff or brand ambassadors could have public instances opened on their behalf without approval.
I initially informed VRChat of this on 09/11/2024 via the App/Website Security Exploit Report form under ticket #441683. Per the form: "We do not guarantee a response other than the automated 'ticket received' notification." And that's all I've gotten. Unfortunately, this means that I have no way of knowing if VRChat is still actively aware of this exploit, if they plan to take ownership, or when a fix is expected.
Precautions you can take as group owners:
Monitor your instance lists. Also monitor your audit logs in Settings -> Logs via the group page on the VRChat website.
I have intentionally left out the method, but it is trivial and only a matter of time before others figure it out, if they haven't already. Staff can check the ticket provided for the method.
WubTheCaptain
Instances don't expire and group public instances created (maliciously) before this fix are still available. This fix applies to new instances only, by design. Maybe instances created before this fix should've been automatically closed to prevent abusing the old bug?
The VRChat Team (VRCHAT.0000) group public instance I've created is still open and accessible today. (I've reported this specific instance in-app.)
2026.02.07 15:06:08 Debug - Received Notification: <Notification from username:WubTheCaptain, sender user id:usr_6fa4abc5-9952-4a0a-97de-b3598fbf6a5c to usr_6fa4abc5-9952-4a0a-97de-b3598fbf6a5c of type: invite, id: not_5b362da8-0f1a-4a43-9c52-6dbe7276d1ea, created at: 02/07/2026 15:06:04 UTC, details: {{worldId=wrld_67fcaf00-4330-4534-9974-10a0e9b6fc3b:BUGREPORT~group(grp_7ccb6ca3-cd36-4dab-9ab1-7bcf08d794e4)~groupAccessType(public)~region(eu), worldName=tmp}}, type:invite, m seen:False, message: "This is a generated invite to tmp">
Slone Fallion
WubTheCaptain I'm not sure if VRChat would be paying attention to posts in a completed status. You might want to open a new feedback post.
What you request is reasonable, but there are a couple of caveats:
In order to confirm malicious or unintended openings of instances, VRChat would have to know:
- if a member was in a group at the time of the instance being opened.
- what permissions that group member had at the time of the instance being opened.
- audit information for instances going potentially years back depending on when (or if they ever) clear instances from their databases.
If they are unable to determine if previous instances were authorized or not and do a blanket closure:
- Once an instance is closed, it can never be re-opened. So, if you had an instance (created "classically"/non-VRC+) named #MyGroup in the USE region, you can never host an instance in that world by that name in the USE region again.
- Vote here if you'd like that to change: https://feedback.vrchat.com/feature-requests/p/re-open-closed-instances
This post was marked as complete
This post was marked as available in future release
StormRel
Merged in a post:
Group Permission Bypass with VRCX Fix
MondoCat
Fix the bug where ANYONE can make a group instance of ANY type regardless of permissions using VRCX.
WubTheCaptain
MondoCat You've already upvoted this bug report sometime in 2024. Is this new issue not quite the same as the older issue referenced above?
MondoCat
WubTheCaptain I couldn't find it when looking for VRCX and thought that maybe it hadn't been posted yet. I'm documenting a bunch of things and submitting things I can't find. I'm looking really hard before posting, I promise!
StormRel
Merged in a post:
Instance Creation Abuse
ImmortalWhisper
Using a script, you can use the API via the selfinvite API, and it enables you to invite/create instances under any user or group even if you aren't in said group.
WubTheCaptain
> enables you to be able to invite/create instances under any user
Since the introduction of Secure Instances in VRChat 2022.2.2, you still need to be a friend of said user to create Friends+ instances under another user's name. This is intended.
However, that update spoke nothing of Secure Instances for groups, because groups were released in VRChat 2022.4.2 months later.
WubTheCaptain
That said, ever since instance naming became a thing in VRChat 2025.3.3 and instance reporting also became a thing (mainly for instance names), this has opened a new vector of abuse (which may make those friends or groups liable involuntarily for inappropriate instance titles and worlds).
WubTheCaptain
Unlocked links for invites are a feature, but I'm not sure it's intended that anyone can create group+ instances for groups:
- While not being a member of the group, inviting self to create a group+ instance fails with an error message ("Aw jeez gosh dang! 🤔", "If the instance exists, you're not allowed to access it."), but creates an entry in the group's logs;
- While being a member of the group, but without permissions to create instances, creating a group+ instance via the invite API works (in a group owned by my friend), bypassing the need for membership permissions to create the instances directly.
TESTGR.6291 grp_3803f1fc-7a74-4c0c-bf73-3e92bae253da
WubTheCaptain
This also works for group public instances, without being a member in that group (with create instances permissions removed from members & everyone). All one needs is a group ID and a world ID; group public links are unlocked. For clarification, a shortname isn't required, because an unlocked invite link can be manually constructed (without a nonce or a shortlink).
WubTheCaptain
You also don't need to be a friend of the group owner to create group public instances of arbitrary groups, such as VRChat Team (VRCHAT.0000).
(I dropped this portal to a world that's set private and low traffic.)
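The notification log line quoted earlier in this thread shows the shape of a group instance ID (world ID, a colon, the instance name, then `~tag(value)` parts such as `group(...)`, `groupAccessType(...)` and `region(...)`), and the post above explains that such an ID can be constructed from just a group ID and a world ID. The following is an added example, not code from this thread, from VRChat or from VRCX: it parses those instance IDs out of "Received Notification" invite lines and flags group instances whose sender is not on a per-group list of expected instance creators, which is the kind of check a group owner monitoring their logs (as the original post recommends) might want. The log lines and all IDs below are constructed; the `groupAccessType(plus)` value for a group+ instance and the `friends(usr_...)` tag are assumptions about tags not shown on this page, and `ALLOWED_CREATORS` is a hypothetical allowlist.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Set

# Constructed sample log lines (made-up IDs and times) in the shape of the
# "Received Notification" client log line quoted in this thread. The second
# line's groupAccessType(plus) and the third line's friends(...) tag are
# assumptions about instance tags not shown on the page.
SAMPLE_LOG = """\
2026.02.07 15:06:08 Debug - Received Notification: <Notification from username:someone, sender user id:usr_00000000-0000-4000-8000-000000000001 to usr_00000000-0000-4000-8000-000000000001 of type: invite, id: not_00000000-0000-4000-8000-0000000000aa, created at: 02/07/2026 15:06:04 UTC, details: {{worldId=wrld_00000000-0000-4000-8000-00000000beef:BUGREPORT~group(grp_00000000-0000-4000-8000-00000000cafe)~groupAccessType(public)~region(eu), worldName=tmp}}, type:invite, m seen:False, message: "This is a generated invite to tmp">
2026.02.07 15:10:00 Debug - Received Notification: <Notification from username:groupmod, sender user id:usr_00000000-0000-4000-8000-000000000002 to usr_00000000-0000-4000-8000-000000000001 of type: invite, id: not_00000000-0000-4000-8000-0000000000ab, created at: 02/07/2026 15:09:58 UTC, details: {{worldId=wrld_00000000-0000-4000-8000-00000000beef:Weekly~group(grp_00000000-0000-4000-8000-00000000cafe)~groupAccessType(plus)~region(us), worldName=tmp}}, type:invite, m seen:False, message: "This is a generated invite to tmp">
2026.02.07 15:12:00 Debug - Received Notification: <Notification from username:afriend, sender user id:usr_00000000-0000-4000-8000-000000000003 to usr_00000000-0000-4000-8000-000000000001 of type: invite, id: not_00000000-0000-4000-8000-0000000000ac, created at: 02/07/2026 15:11:58 UTC, details: {{worldId=wrld_00000000-0000-4000-8000-00000000beef:12345~friends(usr_00000000-0000-4000-8000-000000000003)~region(eu), worldName=tmp}}, type:invite, m seen:False, message: "This is a generated invite to tmp">
"""

# Hypothetical allowlist: group ID -> user IDs expected to open instances for it.
ALLOWED_CREATORS: Dict[str, Set[str]] = {
    "grp_00000000-0000-4000-8000-00000000cafe": {"usr_00000000-0000-4000-8000-000000000002"},
}

# Pull the sender and the instance ID out of one invite notification line.
NOTIFICATION_RE = re.compile(
    r"sender user id:(?P<sender>usr_[0-9a-f-]{36}).*?"
    r"worldId=(?P<instance>wrld_[0-9a-f-]{36}:[^,\s}]+)"
)
# One "~" separated part: a bare flag ("canRequestInvite") or "key(value)".
TAG_RE = re.compile(r"^([A-Za-z]+)(?:\((.*)\))?$")


@dataclass
class InstanceId:
    world_id: str
    name: str
    tags: Dict[str, str] = field(default_factory=dict)  # flags map to ""

    @property
    def group_id(self):
        return self.tags.get("group")


@dataclass
class Finding:
    sender: str
    group_id: str
    access_type: str
    instance: str


def parse_instance_id(instance: str) -> InstanceId:
    """Split 'wrld_...:<name>~tag(value)~flag' into its components."""
    world_id, sep, rest = instance.partition(":")
    if not sep or not world_id.startswith("wrld_"):
        raise ValueError(f"not an instance id: {instance!r}")
    name, *tag_parts = rest.split("~")
    tags: Dict[str, str] = {}
    for part in tag_parts:
        m = TAG_RE.match(part)
        if not m:
            raise ValueError(f"malformed instance tag: {part!r}")
        tags[m.group(1)] = m.group(2) or ""
    return InstanceId(world_id, name, tags)


def audit_invite_log(log_text: str, allowed: Dict[str, Set[str]]) -> List[Finding]:
    """Flag group instances opened by a sender not on that group's allowlist.

    Non-group instances (no group(...) tag) carry no group permission to
    bypass, so they are skipped rather than reported.
    """
    findings: List[Finding] = []
    for line in log_text.splitlines():
        if "Received Notification" not in line or "type: invite" not in line:
            continue
        m = NOTIFICATION_RE.search(line)
        if not m:
            continue
        inst = parse_instance_id(m.group("instance"))
        if inst.group_id is None:
            continue
        sender = m.group("sender")
        if sender not in allowed.get(inst.group_id, set()):
            findings.append(Finding(sender, inst.group_id,
                                    inst.tags.get("groupAccessType", ""),
                                    m.group("instance")))
    return findings


if __name__ == "__main__":
    for f in audit_invite_log(SAMPLE_LOG, ALLOWED_CREATORS):
        print(f"unexpected {f.access_type} group instance for {f.group_id} "
              f"opened by {f.sender}: {f.instance}")
```

On the constructed sample this reports only the first line (a group-public instance from a sender outside the allowlist); the group+ instance from the listed moderator and the friends instance are not flagged. Because the instance name and tags come straight from the ID, the same parser can also be pointed at an instance list or a group's audit log export once the `worldId=` extraction is adapted to that format.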
StormRel marked this post as tracked
MondoCat
Yay!
n a k u
This can lead to a lot of issues with official company groups. As of right now, absolutely any account can create an instance under Rebuff Reality, VKet, or Raindance Immersive as examples, and can do whatever they want inside of these instances which can lead to a negative impact on a group's validity and possibly dissuade advertising friendly environments. Bumping and spreading for visibility!!