CVE-2026-28428

EPSS 0.19%
Veröffentlicht 06.03.2026 04:59:52
Zuletzt bearbeitet 09.03.2026 13:36:08
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Talishar is a fan-made Flesh and Blood project. Prior to commit a9c218e, an authentication bypass vulnerability in Talishar's game endpoint validation logic allows any unauthenticated attacker to perform authenticated game actions — including sending chat messages and submitting game inputs — by supplying an empty authKey parameter (authKey=). The server-side validation uses a loose comparison that accepts an empty string as a valid credential, while correctly rejecting non-empty but incorrect keys. This asymmetry means the authentication mechanism can be completely bypassed without knowing any valid token. This issue has been patched in commit a9c218e.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerTalishar

≫

Produkt Talishar

Version < a9c218efa37756c9e7eed056fbff6ee03f79aefc

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.19%	0.405

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://github.com/Talishar/Talishar/security/advisories/GHSA-2659-p579-wv83

https://github.com/Talishar/Talishar/commit/a9c218efa37756c9e7eed056fbff6ee03f79aefc

https://nvd.nist.gov/vuln/detail/CVE-2026-28428

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-28428

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-28428

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-28428