CVE-2026-28678 - Vulnerability Analysis
Severity: High | CVSS: 8.1 | Last Updated: March 7, 2026
DSA Study Hub - Authentication Bypass
Published: March 7, 2026 | Updated: March 7, 2026 | Remotely exploitable
Overview
DSA Study Hub contains an insufficiently protected credentials vulnerability: JWT authentication tokens are stored in HTTP cookies without cryptographic protection of the payload, so an attacker who obtains the cookies can potentially access sensitive authentication data. Exploitation requires interception of the cookies.
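An added example (not code from DSA Study Hub or from this advisory) of what "without cryptographic payload protection" means for a JWT held in a cookie: the claims of a signed-only token (JWS) can be read by anyone holding the cookie, while an encrypted token (JWE) exposes none. The function names and sample tokens are constructed for illustration; the advisory does not say which token format the fixed version uses.

```python
import base64
import json

def b64url_decode(segment):
    # JWT segments are unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def decode_json_segment(segment):
    """Return the JSON object in a segment, or None if it is not one."""
    try:
        obj = json.loads(b64url_decode(segment))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    return obj if isinstance(obj, dict) else None

def classify_cookie_token(value):
    """Classify a cookie value by JWT compact serialization.

    JWS (3 segments): payload is only base64url-encoded, readable by anyone
    holding the cookie. JWE (5 segments, "enc" header): payload is encrypted.
    """
    parts = value.split(".")
    header = decode_json_segment(parts[0])
    if header is None:
        return {"kind": "not-jwt", "exposed_claims": []}
    if len(parts) == 5 and "enc" in header:
        return {"kind": "jwe", "exposed_claims": []}
    claims = decode_json_segment(parts[1]) if len(parts) == 3 else None
    if claims is None:
        return {"kind": "not-jwt", "exposed_claims": []}
    return {"kind": "jws", "exposed_claims": sorted(claims)}

# Constructed sample values (not taken from DSA Study Hub).
SAMPLE_JWS = ".".join([
    b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode()),
    b64url_encode(json.dumps(
        {"sub": "user-1", "email": "a@example.test", "role": "admin"}).encode()),
    b64url_encode(b"constructed-signature-bytes"),
])
SAMPLE_JWE = ".".join([
    b64url_encode(json.dumps({"alg": "dir", "enc": "A256GCM"}).encode()),
    "", b64url_encode(b"constructed-iv"),
    b64url_encode(b"constructed-ciphertext"), b64url_encode(b"constructed-tag"),
])

if __name__ == "__main__":
    for name, token in (("JWS", SAMPLE_JWS), ("JWE", SAMPLE_JWE)):
        print(name, classify_cookie_token(token))
```

Running the classifier over the cookie values an application sets shows which claims would be disclosed if a cookie were intercepted.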
Severity & Score
Severity: High
CVSS Score: 8.1
Impact
Attackers can access authentication tokens, potentially leading to account compromise or unauthorized access.
Mitigation
Update to the version including commit d527fba or later.
Details
- CVE ID: CVE-2026-28678
- Severity: High
- CVSS Score: 8.1
- Type: broken_authentication
- Status: new
CWE
- CWE-311
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N