Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.1
Misskey Servers Without Update Risk Authentication Bypass
CVE-2026-28432
Summary
Old versions of Misskey's social media platform can be tricked into accepting unauthorized access. This affects all servers, regardless of whether they allow connections with other servers. Update Misskey to version 2026.3.1 to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| misskey | misskey | <= 2026.3.1 | – |
Original title
Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that allows bypassing HTTP signature verification. Although this is a vulne...
Original description
Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that allows bypassing HTTP signature verification. Although this is a vulnerability related to federation, it affects all servers regardless of whether federation is enabled or disabled. This vulnerability is fixed in 2026.3.1.
nvd CVSS4.0
7.1
Vulnerability type
CWE-347
Improper Verification of Cryptographic Signature
Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026