What is the CVSS score of CVE-2026-28678?

CVE-2026-28678 has a CVSS 3.1 base score of 8.1 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N. EPSS exploitation probability: 0.0%.

Which versions of Dsa Study Hub are affected by CVE-2026-28678?

DSA Study Hub's authentication system contains a credential protection vulnerability (CVE-2026-28678) that could allow attackers to compromise user accounts and access sensitive educational data.. A patch is available.

Dsa Study Hub CVE-2026-28678

HIGH

Missing Encryption of Sensitive Data (CWE-311)

2026-03-07 security-advisories@github.com

Information Disclosure Dsa Study Hub

8.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

Patch released

Mar 11, 2026 - 17:35 nvd

Patch available

CVE Published

Mar 07, 2026 - 16:15 nvd

HIGH 8.1

DescriptionNVD

DSA Study Hub is an interactive educational web application. Prior to commit d527fba, the user authentication system in server/routes/auth.js was found to be vulnerable to Insufficiently Protected Credentials. Authentication tokens (JWTs) were stored in HTTP cookies without cryptographic protection of the payload. This issue has been patched via commit d527fba.

AnalysisAI

DSA Study Hub stores JWT authentication tokens in unencrypted HTTP cookies, allowing attackers to extract and replay user credentials to gain unauthorized access to accounts. An unauthenticated remote attacker can intercept these tokens through network traffic analysis or client-side inspection to impersonate legitimate users. …

RemediationAI

Within 24 hours: Assess current DSA Study Hub deployment and confirm vulnerability presence; notify stakeholders of the risk. Within 7 days: Apply the available patch to server/routes/auth.js (commit d527fba or later) across all production and staging environments; conduct verification testing. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-28678 vulnerability details – vuln.today

Back