PT-2026-24120 · Misskey · Misskey
49016
+1
·
Published
2026-03-09
·
Updated
2026-03-13
·
CVE-2026-28431
CVSS v4.0
9.2
Critical
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Misskey versions 8.45.0 through 2026.3.0
Description
Misskey, an open source, federated social media platform, has an issue where insufficient permission checks and proper input validation can allow unauthorized access to data. This can occur regardless of federation status and could lead to a significant data breach.
Recommendations
Update to version 2026.3.1 or later.
Exploit
Fix
Improper Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Misskey