Unknown · DSA Study Hub · CVE-2026-28678
**Name of the Vulnerable Software and Affected Versions**
DSA Study Hub versions prior to commit d527fba
**Description**
The user authentication system in the application’s `server/routes/auth.js` component insufficiently protected credentials. Authentication tokens, specifically JWTs, were stored in HTTP cookies without cryptographic protection of the payload. This could allow unauthorized access.
**Recommendations**
Update to commit d527fba or later.
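The weakness in the Description, illustrated with an added example that is not the project's code and not the change made in commit d527fba: it assumes the problem is that JWT claims in the cookie are only base64url-encoded, and shows one possible hardening, sealing the token with AES-256-GCM before it is set. The cookie name `token`, the helper names and the sample claims are hypothetical.

```javascript
const crypto = require("crypto");

const b64u = (buf) => Buffer.from(buf).toString("base64url");

// Minimal HS256 JWT, built by hand so the example has no dependencies.
function signJwt(claims, secret) {
  const head = b64u(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64u(JSON.stringify(claims));
  const mac = crypto.createHmac("sha256", secret).update(`${head}.${body}`).digest();
  return `${head}.${body}.${b64u(mac)}`;
}

// What any holder of the cookie can do: read the claims without a key.
function readClaimsWithoutKey(jwt) {
  return JSON.parse(Buffer.from(jwt.split(".")[1], "base64url").toString("utf8"));
}

// Hardened cookie value: AES-256-GCM over the whole token (iv | tag | ciphertext).
function sealCookie(jwt, key) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([c.update(jwt, "utf8"), c.final()]);
  return b64u(Buffer.concat([iv, c.getAuthTag(), ct]));
}

// Returns the JWT, or null if the cookie was altered or the key is wrong.
function openCookie(value, key) {
  try {
    const raw = Buffer.from(value, "base64url");
    if (raw.length < 28) return null; // too short to hold iv + tag
    const d = crypto.createDecipheriv("aes-256-gcm", key, raw.subarray(0, 12));
    d.setAuthTag(raw.subarray(12, 28));
    return Buffer.concat([d.update(raw.subarray(28)), d.final()]).toString("utf8");
  } catch {
    return null;
  }
}

// Cookie attributes that keep the value away from scripts and plain HTTP.
const COOKIE_ATTRS = "HttpOnly; Secure; SameSite=Strict; Path=/";

// Constructed sample data (not taken from the project).
const jwtSecret = crypto.randomBytes(32);
const cookieKey = crypto.randomBytes(32);
const token = signJwt({ sub: "user-123", email: "alice@example.test", role: "student" }, jwtSecret);
const sealed = sealCookie(token, cookieKey);

console.log("plain cookie leaks:", readClaimsWithoutKey(token));
console.log(`Set-Cookie: token=${sealed}; ${COOKIE_ATTRS}`);
```

The server would still verify the JWT signature after `openCookie` returns the token; the sealing only adds confidentiality and tamper detection for the cookie value.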