PT-2026-24122 · Misskey · Misskey

Kakkokari-Gtyih

Published

2026-03-09

Updated

2026-03-13

CVE-2026-28433

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Misskey versions 10.93.0 through 2026.3.0

Description Misskey is a federated social media platform. A flaw exists that allows importing data belonging to other users because of insufficient ownership validation. The potential impact is considered low, as exploitation requires knowledge of the target file ID.

Recommendations Update to version 2026.3.1 or later.

Exploit

Fix

Missing Authorization

IDOR

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862CWE-639

Related Identifiers

CVE-2026-28433

GHSA-G6HJ-33H7-6FQ8

Affected Products

Misskey

PT-2026-24122 · Misskey · Misskey

CVE-2026-28433

Weakness Enumeration

Related Identifiers

Affected Products

References · 8