Misskey
Monthly
Misskey versions 10.93.0 through 2026.3.0 allow authenticated users to import arbitrary user data due to insufficient ownership validation, enabling attackers with knowledge of target file IDs to access other users' information. The vulnerability requires valid login credentials and knowledge of specific file identifiers, limiting its practical impact. No patch is currently available.
federated social media platform. All Misskey server versions up to 2026.3.1 is affected by improper verification of cryptographic signature.
Misskey is an open source, federated social media platform.
Misskey is an open source, federated social media platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. Public exploit code available.
Misskey is an open source, federated social media platform. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Misskey is an open source, federated social media platform. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.
Misskey is an open source, federated social media platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Misskey versions 10.93.0 through 2026.3.0 allow authenticated users to import arbitrary user data due to insufficient ownership validation, enabling attackers with knowledge of target file IDs to access other users' information. The vulnerability requires valid login credentials and knowledge of specific file identifiers, limiting its practical impact. No patch is currently available.
federated social media platform. All Misskey server versions up to 2026.3.1 is affected by improper verification of cryptographic signature.
Misskey is an open source, federated social media platform.
Misskey is an open source, federated social media platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable. Public exploit code available.
Misskey is an open source, federated social media platform. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Misskey is an open source, federated social media platform. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.
Misskey is an open source, federated social media platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.