CVE-2026-28432

High CVSS: 7.1

Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that allows bypassing HTTP signature verification. Although this is a vulnerability related to federation, it affects all servers regardless of whether federation is enabled or disabled. This vulnerability is fixed in 2026.3.1.

Vendor

Misskey

Product

Misskey

CWE

CWE-347

Yayın Tarihi

2026-03-10 07:43:35

Güncelleme

2026-03-13 17:18:06

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-347 Misskey HIGH Misskey 2026

Referanslar

https://github.com/misskey-dev/misskey/security/advisories/GHSA-grwc-c762-gcvp

Benzer Kayıtlar

Critical

CVE-2026-28431

Misskey is an open source, federated social media platform. All Misskey servers running versions 8.45.0 and later, but p…

Low

CVE-2026-28433

Misskey is an open source, federated social media platform. All Misskey servers running versions 10.93.0 and later, but…

High

CVE-2025-66402

Misskey is an open source, federated social media platform. Starting in version 13.0.0-beta.16 and prior to version 2025…

Medium

CVE-2025-66482

Misskey is an open source, federated social media platform. Attackers who use an untrusted reverse proxy or not using a…

High

CVE-2025-46340

Misskey is an open source, federated social media platform. Starting in version 12.0.0 and prior to version 2025.4.1, du…

Low

CVE-2025-46553

@misskey-dev/summaly is a tool for getting a summary of a web page. Starting in version 3.0.1 and prior to version 5.2.1…