← voltar
CVE-2026-21854

Tarkov Data Manager Authentication Bypass vulnerability

CVSS 9.8 CRITICALEPSS 0.4%CWE-1321CWE-287CWE-843
Vexday Risk Score
28Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 9.8EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
07 jan 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to 02 January 2025, an authentication bypass vulnerability in the login endpoint allows any unauthenticated user to gain full admin access to the Tarkov Data Manager admin panel by exploiting a JavaScript prototype property access vulnerability, combined with loose equality type coercion. A series of fix commits on 02 January 2025 fixed this and other vulnerabilities.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
the-hideout · tarkov-data-manager

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/the-hideout/tarkov-data-manager/commit/f188f0abf766cefe3f1b7b4fc6fe9dad3736174ahttps://github.com/the-hideout/tarkov-data-manager/security/advisories/GHSA-r8w6-9xwg-6h73