CVE-2026-27632

Talishar Vulnerable to Cross-Site Request Forgery (CSRF)

Description

Talishar is a fan-made Flesh and Blood project. Prior to commit 6be3871a14c192d1fb8146cdbc76f29f27c1cf48, the Talishar application lacks Cross-Site Request Forgery (CSRF) protections on critical state-changing endpoints, specifically within `SubmitChat.php` and other game interaction handlers. By failing to require unique, unpredictable session tokens, the application allows third-party malicious websites to forge requests on behalf of authenticated users, leading to unauthorized actions within active game sessions. The attacker would need to know both the proper gameName and playerID for the player. The player would also need to be browsing and interact with the infected website while playing a game. The vulnerability is fixed in commit 6be3871a14c192d1fb8146cdbc76f29f27c1cf48.

INFO

Published Date :

2026-02-25T02:52:10.061Z

Last Modified :

2026-02-26T21:33:41.129Z

Source :

GitHub_M

AFFECTED PRODUCTS

The following products are affected by CVE-2026-27632 vulnerability.

Vendors	Products
Talishar	Talishar

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-27632.

URL	Resource
https://github.com/Talishar/Talishar/security/advisories/GHSA-73mm-323r-cm3g

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact