CVE-2026-28432
HTTP signature verification can be bypassed
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that allows bypassing HTTP signature verification. Although this is a vulnerability related to federation, it affects all servers regardless of whether federation is enabled or disabled. This vulnerability is fixed in 2026.3.1.
| CWE | CWE-347 |
| Vendor | misskey-dev |
| Product | misskey |
| Published | Mar 9, 2026 |
| Last Updated | Mar 10, 2026 |
Stay Ahead of the Next One
Get instant alerts for misskey-dev misskey
Be the first to know when new unknown vulnerabilities affecting misskey-dev misskey are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
misskey-dev / misskey
< 2026.3.1