CVE-2026-21854 · CRITICAL 9.8 · EPSS p31.5%

Description

The Tarkov Data Manager is a tool to manage the Tarkov item data. Prior to 02 January 2025, an authentication bypass vulnerability in the login endpoint allows any unauthenticated user to gain full admin access to the Tarkov Data Manager admin panel by exploiting a JavaScript prototype property access vulnerability, combined with loose equality type coercion. A series of fix commits on 02 January 2025 fixed this and other vulnerabilities.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.40% probability of exploitation · percentile 31.5% · 2026-06-18T12:00:27Z
Published: 2026-01-07
Last modified: 2026-02-03

Underlying weaknesses · 3

CWE-287, CWE-843, CWE-1321

References

  1. https://github.com/the-hideout/tarkov-data-manager/commit/f188f0abf766cefe3f1b7b4fc6fe9dad3736174a
  2. https://github.com/the-hideout/tarkov-data-manager/security/advisories/GHSA-r8w6-9xwg-6h73

| Type | Target | Confidence | Tier |
| --- | --- | --- | --- |
| Weakness | Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (cwe-1321) | 0% | live |
| Weakness | Improper Authentication (cwe-287) | 0% | live |
| Weakness | Access of Resource Using Incompatible Type ('Type Confusion') (cwe-843) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-21856, CVE-2026-25848, CVE-2025-24924, CVE-2026-3294, CVE-2025-4494, CVE-2026-49377

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.