CVE-2026-28432

EUVD-2026-10367
Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that allows bypassing HTTP signature verification. Although this is a vulnerability related to federation, it affects all servers regardless of whether federation is enabled or disabled. This vulnerability is fixed in 2026.3.1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
misskeymisskey
𝑥
< 2026.3.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/misskey-dev/misskey/security/advisories/GHSA-grwc-c762-gcvp