Platform: other
Component: talishar
Fixed in: 9.0.1
CVE-2026-28428 describes an authentication bypass vulnerability discovered in Talishar, a fan-made Flesh and Blood project. This flaw allows unauthenticated attackers to perform actions that normally require authentication, such as sending chat messages and submitting game inputs. The vulnerability affects versions of Talishar prior to commit a9c218e, which contains the fix.
The impact of this vulnerability is significant as it allows complete bypass of Talishar's authentication mechanism. An attacker can impersonate legitimate users and manipulate the game state without any valid credentials. This could lead to disruption of gameplay, unauthorized modifications to game data, and potential abuse of the platform. The lack of authentication enforcement opens the door to malicious actors gaining control over aspects of the game environment.
This vulnerability was publicly disclosed on 2026-03-06. No public proof-of-concept (PoC) code has been identified at the time of writing. The vulnerability's impact is largely confined to the Talishar platform, and there is no indication of active exploitation campaigns. It is not currently listed in the CISA KEV catalog.
Players and administrators of Talishar are at risk. Specifically, those relying on the authentication mechanism for game actions are vulnerable. The risk is heightened for environments where the game is deployed without proper security monitoring.
EPSS: 0.10% (27th percentile)
The primary mitigation for CVE-2026-28428 is to upgrade Talishar to version a9c218e or later, which includes the fix for the authentication bypass. Since there are no earlier versions available, there are no rollback steps. Review the game endpoint validation logic to ensure robust authentication checks are implemented. Consider implementing additional security layers, such as rate limiting and input validation, to further protect against unauthorized access.
Upgrade Talishar to version a9c218efa37756c9e7eed056fbff6ee03f79aefc or later. This version fixes the authentication bypass vulnerability. The update prevents unauthenticated attackers from performing actions in the game.
CVE-2026-28428 is a vulnerability in Talishar that allows attackers to bypass authentication by providing an empty authKey, enabling unauthorized game actions. It is rated as MEDIUM severity.
You are affected if you are using Talishar versions prior to a9c218e. Upgrade to the latest version to mitigate the risk.
Upgrade Talishar to version a9c218e or later. This version includes a fix for the authentication bypass vulnerability.
There is currently no evidence of active exploitation of CVE-2026-28428, but it remains a potential risk.
Refer to the Talishar project's commit history and associated documentation for details on the fix and advisory information.
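A fail-closed authKey check of the kind the endpoint review recommended above should confirm, shown beside a weak equality check that accepts an empty key. This is an added example, not Talishar's code and not taken from the fix commit; the key store, seat numbering, function names and the weak `naive_check` pattern are assumptions made for illustration.

```python
import hmac

# Constructed sample state: seat 1 has joined and holds a key; seat 2 is
# still empty, so its stored key is "" (hypothetical layout, not Talishar's).
STORED_KEYS = {1: "f3b1c0de9a7745e2", 2: ""}


def naive_check(stored: dict, player_id: int, supplied) -> bool:
    """Assumed weak pattern: plain equality, so "" matches an unset key."""
    return stored.get(player_id, "") == (supplied or "")


def strict_check(stored: dict, player_id: int, supplied) -> bool:
    """Fail closed: both keys must be non-empty strings and must match."""
    expected = stored.get(player_id)
    if not isinstance(expected, str) or not expected:
        return False  # no key issued for this seat: nobody may act as it
    if not isinstance(supplied, str) or not supplied:
        return False  # missing, empty or non-string authKey
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), supplied.encode())


def audit(check) -> list:
    """Return the (player_id, supplied) probes that the check wrongly accepts."""
    probes = [(1, ""), (1, None), (2, ""), (2, None), (3, ""), (1, "wrong")]
    return [(p, s) for p, s in probes if check(STORED_KEYS, p, s)]


if __name__ == "__main__":
    print("naive accepts :", audit(naive_check))
    print("strict accepts:", audit(strict_check))
    print("valid key ok  :", strict_check(STORED_KEYS, 1, "f3b1c0de9a7745e2"))
```

The `audit` probes can be reused as a regression test against every endpoint that takes an authKey, so an empty or missing key is rejected consistently after the upgrade.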