High severity7.5NVD Advisory· Published Mar 6, 2026· Updated Apr 20, 2026

CVE-2026-28429

Description

Talishar is a fan-made Flesh and Blood project. Prior to commit 6be3871, a Path Traversal vulnerability was identified in the gameName parameter. While the application's primary entry points implement input validation, the ParseGamestate.php component can be accessed directly as a standalone script. In this scenario, the absence of internal sanitization allows for directory traversal sequences (e.g., ../) to be processed, potentially leading to unauthorized file access. This issue has been patched in commit 6be3871.

Affected products

Talishar/Talishar
cpe:2.3:a:talishar:talishar:*:*:*:*:*:*:*:*
Range: <2026-02-22

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/Talishar/Talishar/commit/6be3871a14c192d1fb8146cdbc76f29f27c1cf48nvdPatch
github.com/Talishar/Talishar/security/advisories/GHSA-f386-xhcw-jrx8nvdExploitVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000