Description
Misskey is an open source, federated social media platform. All Misskey servers running version 8.45.0 or later, but prior to 2026.3.1, contain a vulnerability, caused by insufficient permission checks and input validation, that allows bad actors to access data they ordinarily would not be able to access. The vulnerability occurs regardless of whether federation is enabled. It could lead to a significant data breach. It is fixed in 2026.3.1.
References (1)
Core References
Vendor Advisory x_refsource_confirm
https://github.com/misskey-dev/misskey/security/advisories/GHSA-r33c-qg3g-v9cr
Scores
CVSS v3
7.5
EPSS
0.0025
EPSS Percentile
15.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-285
Status
published
Products (1)
misskey/misskey
8.45.0 - 2026.3.1
Published
Mar 10, 2026
Tracked Since
Mar 10, 2026