PT-2026-2102 · Unknown · Tarkov Data Manager

Sut0L · Published 2026-01-07 · Updated 2026-02-03 · CVE-2026-21854

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Tarkov Data Manager versions prior to 02 January 2025

Description

The Tarkov Data Manager, a tool for managing Tarkov item data, contains an authentication bypass issue in the login endpoint. This allows any unauthenticated user to gain full admin access to the Tarkov Data Manager admin panel. The issue is due to a JavaScript prototype property access vulnerability combined with loose equality type coercion. The vulnerability was addressed with a series of fix commits on 02 January 2025. The API endpoint affected is /login. The vulnerability allows bypassing authentication through manipulation of the username and password parameters.

Recommendations

Versions prior to 02 January 2025 should be updated to the latest version to address this authentication bypass.
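The two defects the description names, inherited-property lookup and loose equality, next to a check that closes both. This is an added example, not code from Tarkov Data Manager; the store, the function names and the sample credential are constructed for illustration.

```javascript
// Added illustration, not Tarkov Data Manager code. The store, the function
// names and the credential are constructed sample values.
const sampleUsers = { admin: 'constructed-sample-password' };

// Login check with both defects the description names.
function weakCheck(store, username, password) {
  const stored = store[username]; // also resolves names inherited from Object.prototype
  return Boolean(stored) && stored == password; // == coerces mismatched types
}

function ownKey(store, name) {
  return Object.prototype.hasOwnProperty.call(store, name);
}

// Names a plain lookup resolves although the store never defined them.
function inheritedHits(store) {
  return Object.getOwnPropertyNames(Object.prototype)
    .filter((name) => !ownKey(store, name) && Boolean(store[name]));
}

// Comparison whose running time does not depend on where the strings differ.
function sameString(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

function hardenedCheck(store, username, password) {
  // Reject non-strings before they reach a lookup or a comparison.
  if (typeof username !== 'string' || typeof password !== 'string') return false;
  // Only properties defined on the store itself count as accounts.
  if (!ownKey(store, username)) return false;
  const stored = store[username];
  return typeof stored === 'string' && sameString(stored, password);
}

// Type coercion on a known credential: an array wrapping the right password
// passes the loose comparison but not the hardened one.
const wrapped = ['constructed-sample-password'];
console.log('inherited names resolved:', inheritedHits(sampleUsers).length);
console.log('weak accepts array:', weakCheck(sampleUsers, 'admin', wrapped));
console.log('hardened accepts array:', hardenedCheck(sampleUsers, 'admin', wrapped));
```

Storing accounts in a `Map` or an `Object.create(null)` object removes the inherited names altogether; password hashing is outside what this example covers.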

Exploit

Fix

Type Confusion

Prototype Pollution

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2026-21854
GHSA-R8W6-9XWG-6H73

Affected Products

Tarkov Data Manager