Platform: other
Component: talishar
Fixed in: 9.0.1
CVE-2026-28428 describes an authentication bypass vulnerability discovered in Talishar, a fan-made Flesh and Blood project. This flaw allows unauthenticated attackers to perform actions that normally require authentication, such as sending chat messages and submitting game inputs. The vulnerability affects versions of Talishar prior to commit a9c218e, which contains the fix.
The impact of this vulnerability is significant as it allows complete bypass of Talishar's authentication mechanism. An attacker can impersonate legitimate users and manipulate the game state without any valid credentials. This could lead to disruption of gameplay, unauthorized modifications to game data, and potential abuse of the platform. The lack of authentication enforcement opens the door to malicious actors gaining control over aspects of the game environment.
This vulnerability was publicly disclosed on 2026-03-06. No public proof-of-concept (PoC) code has been identified at the time of writing. The vulnerability's impact is relatively contained to the Talishar platform, and there's no indication of active exploitation campaigns. It is not currently listed on the CISA KEV catalog.
EPSS: 0.10% (27th percentile)
The primary mitigation for CVE-2026-28428 is to upgrade Talishar to version a9c218e or later, which includes the fix for the authentication bypass. Since there are no earlier versions available, there are no rollback steps. Review the game endpoint validation logic to ensure robust authentication checks are implemented. Consider implementing additional security layers, such as rate limiting and input validation, to further protect against unauthorized access.
Update Talishar to version a9c218efa37756c9e7eed056fbff6ee03f79aefc or later. This version fixes the authentication bypass vulnerability. The update will prevent unauthenticated attackers from performing actions in the game.
CVE-2026-28428 is a vulnerability in Talishar that allows attackers to bypass authentication by providing an empty authKey, enabling unauthorized game actions. It is rated as MEDIUM severity.
You are affected if you are using Talishar versions prior to a9c218e. Upgrade to the latest version to mitigate the risk.
Upgrade Talishar to version a9c218e or later. This version includes a fix for the authentication bypass vulnerability.
There is currently no evidence of active exploitation of CVE-2026-28428, but it remains a potential risk.
Refer to the Talishar project's commit history and associated documentation for details on the fix and advisory information.
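When reviewing endpoint validation logic for the empty-authKey case described above, the check to look for is one that only compares keys when a key was actually sent. The following is an added example, not Talishar's code: the function names, the key store and the sample requests are all constructed, and the fail-open pattern shown is an assumed illustration of how an empty key can end up accepted, placed beside a fail-closed version.

```python
import hmac

# Constructed sample state: per-seat keys as a server might hold them.
# Seat 2 has not been claimed yet, so its stored key is empty (assumption).
STORED_KEYS = {("game-1001", 1): "k3Jx9Qm2", ("game-1001", 2): ""}


def weak_check(game, player, supplied):
    """Hypothetical fail-open pattern: only compares when a key was sent."""
    stored = STORED_KEYS.get((game, player), "")
    if supplied and supplied != stored:
        return False
    return True  # empty or missing key falls through as "authenticated"


def strict_check(game, player, supplied):
    """Fail-closed: both keys must be non-empty strings and match exactly."""
    stored = STORED_KEYS.get((game, player))
    if not isinstance(supplied, str) or not supplied:
        return False  # missing, empty, or non-string key
    if not stored:
        return False  # unknown seat or seat without an issued key
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(supplied.encode(), stored.encode())


# Constructed requests: (description, game, player, supplied authKey)
REQUESTS = [
    ("valid key", "game-1001", 1, "k3Jx9Qm2"),
    ("wrong key", "game-1001", 1, "guess"),
    ("empty key", "game-1001", 1, ""),
    ("missing key", "game-1001", 1, None),
    ("empty key, unclaimed seat", "game-1001", 2, ""),
    ("unknown game", "game-9999", 1, "k3Jx9Qm2"),
]


def audit(check):
    """Return the descriptions of requests that the given check accepts."""
    return [desc for desc, game, player, key in REQUESTS if check(game, player, key)]


if __name__ == "__main__":
    print("weak accepts:  ", audit(weak_check))
    print("strict accepts:", audit(strict_check))
```

The same request table works as a regression test after upgrading: every row except the valid key should be rejected by each authenticated endpoint.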