CVE-2026-28678
CVE-2026-28678 pertains to the DSA Study Hub application. Prior to commit d527fba, the authentication system in server/routes/auth.js stored JWTs in HTTP cookies without cryptographic protection of the payload, exposing credential data via insufficiently protected credentials. The issue affects t...