Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
3.1
Talishar Fan Game: Unsecured Game Actions by Malicious Websites
CVE-2026-27632
Summary
The Talishar fan game has a security weakness that allows hackers to trick users into performing unauthorized actions in their games, potentially disrupting their experience. This can happen when a user visits a malicious website while playing, if the hacker knows the user's game details. To stay safe, update to the latest version of the game.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| talishar | talishar | <= 2026-02-22 | – |
Original title
Talishar is a fan-made Flesh and Blood project. Prior to commit 6be3871a14c192d1fb8146cdbc76f29f27c1cf48, the Talishar application lacks Cross-Site Request Forgery (CSRF) protections on critical st...
Original description
Talishar is a fan-made Flesh and Blood project. Prior to commit 6be3871a14c192d1fb8146cdbc76f29f27c1cf48, the Talishar application lacks Cross-Site Request Forgery (CSRF) protections on critical state-changing endpoints, specifically within `SubmitChat.php` and other game interaction handlers. By failing to require unique, unpredictable session tokens, the application allows third-party malicious websites to forge requests on behalf of authenticated users, leading to unauthorized actions within active game sessions. The attacker would need to know both the proper gameName and playerID for the player. The player would also need to be browsing and interact with the infected website while playing a game. The vulnerability is fixed in commit 6be3871a14c192d1fb8146cdbc76f29f27c1cf48.
nvd CVSS3.1
3.1
Vulnerability type
CWE-352
Cross-Site Request Forgery (CSRF)
- https://github.com/Talishar/Talishar/security/advisories/GHSA-73mm-323r-cm3g Exploit Patch Vendor Advisory Mitigation
Published: 25 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026