Is Dsa Study Hub affected by CVE-2026-28678?

DSA Study Hub's authentication system contains a credential protection vulnerability (CVE-2026-28678) that could allow attackers to compromise user accounts and access sensitive educational data.

CVE-2026-28678

HIGH

2026-03-07 [email protected]

8.1

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

Patch Released

Mar 11, 2026 - 17:35 nvd

Patch available

CVE Published

Mar 07, 2026 - 16:15 nvd

HIGH 8.1

Description

DSA Study Hub is an interactive educational web application. Prior to commit d527fba, the user authentication system in server/routes/auth.js was found to be vulnerable to Insufficiently Protected Credentials. Authentication tokens (JWTs) were stored in HTTP cookies without cryptographic protection of the payload. This issue has been patched via commit d527fba.

Analysis

DSA Study Hub stores JWT authentication tokens in unencrypted HTTP cookies, allowing attackers to extract and replay user credentials to gain unauthorized access to accounts. An unauthenticated remote attacker can intercept these tokens through network traffic analysis or client-side inspection to impersonate legitimate users. …

Remediation

Within 24 hours: Assess current DSA Study Hub deployment and confirm vulnerability presence; notify stakeholders of the risk. Within 7 days: Apply the available patch to server/routes/auth.js (commit d527fba or later) across all production and staging environments; conduct verification testing. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +40

POC: 0

CVE-2026-28678 vulnerability details – vuln.today

Back

CVE-2026-28678

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-28678

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code