PT-2026-21847 · Talishar · Talishar

Qu0Kk4 · Published 2026-02-25 · Updated 2026-02-25 · CVE-2026-27632

CVSS v3.1: 3.1 (Low)

Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Talishar versions prior to commit 6be3871a14c192d1fb8146cdbc76f29f27c1cf48

Description

The Talishar application does not have Cross-Site Request Forgery (CSRF) protections on critical endpoints that change application state. Specifically, the SubmitChat.php file and other game interaction handlers are affected. This allows malicious websites to forge requests on behalf of authenticated users, potentially leading to unauthorized actions within active game sessions. An attacker would need to know the gameName and playerID of the player, and the player would need to be browsing the malicious website while playing a game.

Recommendations

Update to commit 6be3871a14c192d1fb8146cdbc76f29f27c1cf48 or later.
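
For maintainers of similar state-changing PHP handlers, the following added example (not Talishar's code and not the fix in the commit above) shows one common mitigation: a session-bound token plus an Origin check performed before the handler reads gameName or playerID. The function names, the csrf_token field, the X-CSRF-Token header and the https://game.example origin are assumptions made for illustration.

```php
<?php
// Added illustration, not Talishar's code. Function names, the "csrf_token"
// field, the "X-CSRF-Token" header and the origin value are assumptions.
declare(strict_types=1);

// Issue one random token per session; pages embed it in forms or XHR headers.
function csrf_issue_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// True only for a POST that is same-origin and carries the session's token.
function csrf_request_is_valid(array $server, array $post, array $session, string $expectedOrigin): bool
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false; // state changes must not ride on GET
    }
    // Browsers attach Origin to cross-site POSTs; reject any mismatch.
    $origin = $server['HTTP_ORIGIN'] ?? null;
    if ($origin !== null && $origin !== $expectedOrigin) {
        return false;
    }
    $sent  = $server['HTTP_X_CSRF_TOKEN'] ?? ($post['csrf_token'] ?? '');
    $known = $session['csrf_token'] ?? '';
    // An empty or missing token never matches; hash_equals is constant-time.
    return is_string($sent) && is_string($known) && $known !== ''
        && hash_equals($known, $sent);
}

// At the top of a state-changing handler:
// SameSite cookies add a second layer in browsers that honour the attribute.
session_set_cookie_params(['samesite' => 'Strict', 'secure' => true, 'httponly' => true]);
session_start();
if (!csrf_request_is_valid($_SERVER, $_POST, $_SESSION, 'https://game.example')) {
    http_response_code(403);
    exit('CSRF check failed');
}
// Only now read gameName / playerID and apply the requested action.
```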

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2026-27632
GHSA-73MM-323R-CM3G

Affected Products

Talishar