Platform
other
Component
talishar
Fixed in
9.0.1
CVE-2026-28428 describes an authentication bypass vulnerability discovered in Talishar, a fan-made Flesh and Blood project. This flaw allows unauthenticated attackers to perform actions that normally require authentication, such as sending chat messages and submitting game inputs. The vulnerability affects versions of Talishar prior to commit a9c218e, and the fix is available in that commit.
The impact of this vulnerability is significant as it allows complete bypass of Talishar's authentication mechanism. An attacker can impersonate legitimate users and manipulate the game state without any valid credentials. This could lead to disruption of gameplay, unauthorized modifications to game data, and potential abuse of the platform. The lack of authentication enforcement opens the door to malicious actors gaining control over aspects of the game environment.
This vulnerability was publicly disclosed on 2026-03-06. No public proof-of-concept (PoC) code has been identified at the time of writing. The vulnerability's impact is relatively contained to the Talishar platform, and there's no indication of active exploitation campaigns. It is not currently listed on the CISA KEV catalog.
Players and administrators of Talishar are at risk. Specifically, those relying on the authentication mechanism for game actions are vulnerable. The risk is heightened for environments where the game is deployed without proper security monitoring.
disclosure
Exploit Status
EPSS
0.10% (percentile 27%)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-28428 is to upgrade Talishar to version a9c218e or later, which includes the fix for the authentication bypass. Since there are no earlier versions available, there are no rollback steps. Review the game endpoint validation logic to ensure robust authentication checks are implemented. Consider implementing additional security layers, such as rate limiting and input validation, to further protect against unauthorized access.
Update Talishar to version a9c218efa37756c9e7eed056fbff6ee03f79aefc or later. This version fixes the authentication bypass vulnerability. The update will prevent unauthenticated attackers from performing actions in the game.
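This page attributes the bypass to an empty authKey but does not show the affected code. The following added example (not Talishar's code) illustrates one common way such a check fails, an equality test against a key that was never issued, beside a hardened check of the kind to look for when reviewing endpoint validation. The `playerID` parameter, the key store, and all function names are hypothetical.

```python
import hmac

# Constructed sample state: seat 1 has joined and holds a key; seat 2 is still
# open, so no key has been issued for it yet (stored as an empty string).
GAME_KEYS = {1: "k3y-issued-to-player-1", 2: ""}


def check_naive(stored_keys, player_id, supplied):
    """Equality-only check: passes whenever both sides match, even if both are empty."""
    return supplied == stored_keys.get(player_id, "")


def check_hardened(stored_keys, player_id, supplied):
    """Reject missing or empty keys on either side before comparing."""
    stored = stored_keys.get(player_id)
    if not isinstance(supplied, str) or not supplied:
        return False  # request carried no usable authKey
    if not stored:
        return False  # no key issued for this seat, so nobody may act as it
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(supplied.encode(), stored.encode())


def handle_action(check, stored_keys, params):
    """Hypothetical chat/game-input handler; returns an HTTP-like status code."""
    try:
        player_id = int(params.get("playerID", ""))
    except (TypeError, ValueError):
        return 400
    if not check(stored_keys, player_id, params.get("authKey", "")):
        return 403
    return 200


if __name__ == "__main__":
    # Constructed requests: one legitimate, three carrying no real key.
    samples = [
        {"playerID": "1", "authKey": "k3y-issued-to-player-1"},
        {"playerID": "2", "authKey": ""},
        {"playerID": "2"},
        {"playerID": "9", "authKey": ""},
    ]
    for req in samples:
        print(req,
              "naive:", handle_action(check_naive, GAME_KEYS, req),
              "hardened:", handle_action(check_hardened, GAME_KEYS, req))
```

Running the same empty-key requests against a patched deployment and confirming they return a rejection is a quick regression check after upgrading.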
CVE-2026-28428 is a vulnerability in Talishar that allows attackers to bypass authentication by providing an empty authKey, enabling unauthorized game actions. It is rated as MEDIUM severity.
You are affected if you are using Talishar versions prior to a9c218e. Upgrade to the latest version to mitigate the risk.
Upgrade Talishar to version a9c218e or later. This version includes a fix for the authentication bypass vulnerability.
There is currently no evidence of active exploitation of CVE-2026-28428, but it remains a potential risk.
Refer to the Talishar project's commit history and associated documentation for details on the fix and advisory information.