Auth bypass in Misskey-dev Misskey

CVE-2026-28433

Misskey is an open source, federated social media platform. All Misskey servers running versions 10.93.0 and later, but prior to 2026.3.1, contain a vulnerability that allows importing other users' data due to lack of ownership validation…

Vulnerability class: IDOR (Insecure Direct Object Reference)

EPSS: 0.000 (2.7th percentile) — read the EPSS interpretation.