Vulnerability in Misskey-dev Misskey

CVE-2026-57574

Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains a vulnerability in Time-based One-Time Password (TOTP) authentication in UserAuthService where insufficient validation of used tokens allows th…

Affected products

Weakness classification (CWE)

References