PT-2026-23866 · Unknown · Dsa Study Hub
Toxicbishop · Published 2026-03-07 · Updated 2026-03-12 · CVE-2026-28678
CVSS v3.1: 9.1 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions
DSA Study Hub versions prior to commit d527fba
Description
The user authentication system in the application’s server/routes/auth.js component had a flaw related to insufficiently protected credentials. Authentication tokens, specifically JWTs, were stored in HTTP cookies without cryptographic protection of the payload. This could potentially allow unauthorized access.
Recommendations
Update to commit d527fba or later.
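The weakness class named in the description, as an added example (not code from DSA Study Hub or from its fix commit): a signed JWT's payload is only base64url-encoded, so whoever holds the cookie can read its claims, while sealing the token with AES-256-GCM before it goes into the cookie keeps the claims confidential and rejects tampering. The function names, sample claims and key handling are assumptions made for illustration.

```javascript
// Added example, not code from DSA Study Hub; names and sample data are constructed.
const crypto = require('node:crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');

// Minimal HS256 signer, standing in for whatever JWT library an application uses.
function signJwt(claims, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  const sig = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest('base64url');
  return `${head}.${body}.${sig}`;
}

// A signature protects integrity, not confidentiality: no key is needed to read the claims.
function readPayloadWithoutKey(jwt) {
  return JSON.parse(Buffer.from(jwt.split('.')[1], 'base64url').toString('utf8'));
}

// Seal the token with AES-256-GCM; cookie value = iv.ciphertext.tag, each base64url.
function sealCookieValue(jwt, key) {
  const iv = crypto.randomBytes(12); // fresh nonce for every cookie
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(jwt, 'utf8'), cipher.final()]);
  return [iv, ct, cipher.getAuthTag()].map(b64url).join('.');
}

// Returns the JWT, or null when the cookie is malformed, tampered with or under another key.
function openCookieValue(value, key) {
  const parts = String(value).split('.').map((p) => Buffer.from(p, 'base64url'));
  if (parts.length !== 3 || parts[0].length !== 12 || parts[2].length !== 16) return null;
  try {
    const d = crypto.createDecipheriv('aes-256-gcm', key, parts[0]);
    d.setAuthTag(parts[2]);
    return Buffer.concat([d.update(parts[1]), d.final()]).toString('utf8');
  } catch {
    return null; // authentication tag did not verify
  }
}

// Constructed sample values.
const jwtSecret = crypto.randomBytes(32);
const cookieKey = crypto.randomBytes(32); // assumption: in practice loaded from a secret store
const token = signJwt({ sub: 'user-123', email: 'alice@example.test' }, jwtSecret);
const sealed = sealCookieValue(token, cookieKey);
console.log(readPayloadWithoutKey(token).email); // claims are readable from the bare JWT
console.log(openCookieValue(sealed, cookieKey) === token);
```

The JWT signature must still be verified after `openCookieValue` returns the token; the sealing layer only adds confidentiality for the cookie contents.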
Exploit
Fix
Missing Encryption of Sensitive Data
Insufficiently Protected Credentials
Related Identifiers
Affected Products
Dsa Study Hub