CVE-2026-28432

HIGH

Misskey <2026.3.1 - Auth Bypass

Title source: llm

Description

Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that allows bypassing HTTP signature verification. Although this is a vulnerability related to federation, it affects all servers regardless of whether federation is enabled or disabled. This vulnerability is fixed in 2026.3.1.

References (1)

Scores

CVSS v3 7.5
EPSS 0.0002
EPSS Percentile 4.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-347
Status published
Products (1)
misskey/misskey < 2026.3.1
Published Mar 10, 2026
Tracked Since Mar 10, 2026