PT-2026-23648 · Talishar · Talishar

Published 2026-03-06 · Updated 2026-03-06 · CVE-2026-28428

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Talishar versions prior to commit a9c218e

Description

Talishar is a fan-made Flesh and Blood project. Its game endpoint validation logic contains an authentication bypass: an unauthenticated attacker can perform authenticated game actions, including sending chat messages and submitting game inputs, by providing an empty authKey parameter. The server-side validation uses a loose comparison that incorrectly accepts an empty string as a valid credential, so the check can be passed without a valid token. The vulnerable endpoint is the game endpoint.

Recommendations

Update Talishar to commit a9c218e or later.
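The loose-comparison weakness described above, shown beside a hardened check, as an added example that is not Talishar's code. The function names, the sample keys and the scenario of a seat whose stored key is unset (null) are assumptions chosen to show one way PHP's `==` can accept an empty string.

```php
<?php
declare(strict_types=1);

// Hypothetical stored per-player keys (constructed sample data).
// Seat 2 has no key assigned yet, so its stored value is null.
$storedKeys = [1 => 'k3y-constructed-sample', 2 => null];

// Weak pattern: loose comparison. In PHP, null == "" is true,
// so an empty authKey matches a seat whose key is unset.
function isAuthorizedLoose(array $keys, int $player, $authKey): bool
{
    return ($keys[$player] ?? null) == $authKey;
}

// Hardened pattern: require a non-empty string on both sides,
// then compare in constant time with hash_equals().
function isAuthorizedStrict(array $keys, int $player, $authKey): bool
{
    $expected = $keys[$player] ?? null;
    if (!is_string($expected) || $expected === '') {
        return false; // no key on record: nobody is authenticated
    }
    if (!is_string($authKey) || $authKey === '') {
        return false; // missing or empty credential
    }
    return hash_equals($expected, $authKey);
}

// Constructed requests: a valid key, then empty and missing keys.
$cases = [
    [1, 'k3y-constructed-sample'],
    [1, ''],
    [2, ''],
    [2, null],
];
foreach ($cases as [$player, $key]) {
    printf(
        "player=%d key=%s loose=%s strict=%s\n",
        $player,
        var_export($key, true),
        var_export(isAuthorizedLoose($storedKeys, $player, $key), true),
        var_export(isAuthorizedStrict($storedKeys, $player, $key), true)
    );
}
```

The two checks agree on the valid key and on an empty key for seat 1; they differ only for seat 2, where the loose check accepts both the empty string and a missing key.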

Exploit

Fix

Improper Authentication

Weakness Enumeration

Related Identifiers

CVE-2026-28428
GHSA-2659-P579-WV83

Affected Products

Talishar