SSRF in Misskey-dev Misskey
CVE-2026-57575
Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains a Server-Side Request Forgery (SSRF) vulnerability in URL preview functionality in UrlPreviewService. Due to missing network restrictions befor…
Vulnerability class: SSRF (Server-Side Request Forgery)
Affected products
- Misskey-dev Misskey — versions < 2026.6.0
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_CONFIRM)