Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.2
Misskey social media platform exposes sensitive data to unauthorized access
CVE-2026-28431
Summary
If you're running an older version of Misskey, a security issue could allow hackers to see sensitive information they shouldn't be able to. This puts your data at risk of being stolen. Update to the latest version, 2026.3.1, to fix the problem.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| misskey | misskey | > 8.45.0 , <= 2026.3.1 | – |
Original title
Misskey is an open source, federated social media platform. All Misskey servers running versions 8.45.0 and later, but prior to 2026.3.1, contain a vulnerability that allows bad actors access to da...
Original description
Misskey is an open source, federated social media platform. All Misskey servers running versions 8.45.0 and later, but prior to 2026.3.1, contain a vulnerability that allows bad actors access to data that they ordinarily wouldn't be able to access due to insufficient permission checks and proper input validation. This vulnerability occurs regardless of whether federation is enabled or not. This vulnerability could lead to a significant data breach. This vulnerability is fixed in 2026.3.1.
nvd CVSS4.0
9.2
Vulnerability type
CWE-285
Improper Authorization
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026