CVE 9.8 CRITICAL

Tarkov Data Manager Authentication Bypass vulnerability_CVE-2026-21854

January 7, 2026 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to 02 January 2025, an authentication bypass vulnerability in the login endpoint allows any unauthenticated user to gain full admin access to the Tarkov Data Manager admin panel by exploiting a JavaScript prototype property access vulnerability, combined with loose equality type coercion. A series of fix commits on 02 January 2025 fixed this and other vulnerabilities.

AI Analysis

Authentication bypass vulnerability in the login endpoint of Tarkov Data Manager

Basic Information

ID CVE-2026-21854

Source GitHub_M

Published Jan 7, 2026 at 18:14

Modified Jan 7, 2026 at 18:41

Affected Product

Vendor the-hideout

Product tarkov-data-manager

Version <= 2.0.0

Affected Versions the-hideout tarkov-data-manager <= 2.0.0

CWE Classification

CWE-287 CWE-843 CWE-1321

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor the-hideout

Product Tarkov Data Manager

Version <= 2.0.0

References

{
    "lastseen": "",
    "description": "The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to 02 January 2025, an authentication bypass vulnerability in the login endpoint allows any unauthenticated user to gain full admin access to the Tarkov Data Manager admin panel by exploiting a JavaScript prototype property access vulnerability, combined with loose equality type coercion. A series of fix commits on 02 January 2025 fixed this and other vulnerabilities.",
    "published": "2026-01-07T18:14:59.375Z",
    "modified": "2026-01-07T18:41:47.562Z",
    "type": "cve",
    "title": "Tarkov Data Manager Authentication Bypass vulnerability",
    "source": "GitHub_M",
    "references": "https://github.com/the-hideout/tarkov-data-manager/security/advisories/GHSA-r8w6-9xwg-6h73\nhttps://github.com/the-hideout/tarkov-data-manager/commit/f188f0abf766cefe3f1b7b4fc6fe9dad3736174a",
    "id": "CVE-2026-21854",
    "bulletinFamily": "",
    "cwe": [
        "CWE-287",
        "CWE-843",
        "CWE-1321"
    ],
    "cvelist": null,
    "sourceData": "the-hideout tarkov-data-manager <= 2.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "tarkov-data-manager",
    "version": "<= 2.0.0",
    "vendor": "the-hideout",
    "ai_description": "Authentication bypass vulnerability in the login endpoint of Tarkov Data Manager",
    "ai_severity": "Critical",
    "ai_vendor": "the-hideout",
    "ai_product": "Tarkov Data Manager",
    "ai_version": "<= 2.0.0",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply