Vulnerability Description
Talishar is a fan-made Flesh and Blood project. Prior to commit 6be3871, a Path Traversal vulnerability was identified in the gameName parameter. While the application's primary entry points implement input validation, the ParseGamestate.php component can be accessed directly as a standalone script. In this scenario, the absence of internal sanitization allows for directory traversal sequences (e.g., ../) to be processed, potentially leading to unauthorized file access. This issue has been patched in commit 6be3871.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Talishar | Talishar | < 2026-02-22 |
Related Weaknesses (CWE)
References
- https://github.com/Talishar/Talishar/commit/6be3871a14c192d1fb8146cdbc76f29f27c1Patch
- https://github.com/Talishar/Talishar/security/advisories/GHSA-f386-xhcw-jrx8ExploitVendor Advisory
FAQ
What is CVE-2026-28429?
CVE-2026-28429 is a vulnerability with a CVSS score of 7.5 (HIGH). Talishar is a fan-made Flesh and Blood project. Prior to commit 6be3871, a Path Traversal vulnerability was identified in the gameName parameter. While the application's primary entry points implement...
How severe is CVE-2026-28429?
CVE-2026-28429 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-28429?
Check the references section above for vendor advisories and patch information. Affected products include: Talishar Talishar.