Vulnerability in Misskey-dev Misskey

CVE-2026-28432

Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that allows bypassing HTTP signature verification. Although this is a vulnerability related to federation, it affects…

EPSS: 0.000 (5.4th percentile) — read the EPSS interpretation.

Affected products

Misskey-dev Misskey — versions < 2026.3.1

Weakness classification (CWE)

CWE-347 — Improper Verification of Cryptographic Signature

References

https://github.com/misskey-dev/misskey/security/advisories/GHSA-grwc-c762-gcvp (x_refsource_CONFIRM)