Home / Vulnerability Intelligence / CVE-2026-28678

CVE-2026-28678 - Vulnerability Analysis

HighCVSS: 8.1

Last Updated: March 9, 2026

DSA Study Hub - Authentication Bypass

Published: March 7, 2026Updated: March 9, 2026Remote Exploitable

Overview

DSA Study Hub contains an insufficiently protected credentials vulnerability caused by storing JWT authentication tokens in HTTP cookies without cryptographic payload protection, letting attackers potentially access sensitive authentication data, exploit requires interception of cookies.

Severity & Score

Severity: High

CVSS Score: 8.1

EPSS Score: 3.0%(Probability of exploitation in next 30 days)

Impact

Attackers can access authentication tokens, potentially leading to account compromise or unauthorized access.

Mitigation

Update to the version including commit d527fba or later.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 8, 2026

🟠 CVE-2026-28678 - High (8.1) DSA Study Hub is an interactive educational web application. Prior to commit d527fba, the user authentication system in server/routes/auth.js was found to be vulnerable to Insufficiently Protected Credentials. Authentication tokens (JWTs) were sto... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-28678/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-28678
Severity: High
CVSS Score: 8.1
Type: broken_authentication
Status: unconfirmed
EPSS: 3.0%
Social Posts: 1

CWE

CWE-311

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

EPSS Score

3.0%Probability of exploitation in the next 30 days