VYPR
Unrated severityNVD Advisory· Published Mar 9, 2026· Updated Mar 10, 2026

HTTP signature verification can be bypassed

CVE-2026-28432

Description

Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that allows bypassing HTTP signature verification. Although this is a vulnerability related to federation, it affects all servers regardless of whether federation is enabled or disabled. This vulnerability is fixed in 2026.3.1.

Affected products

2
  • Misskey Dev/Misskeyllm-fuzzy2 versions
    <2026.3.1+ 1 more
    • (no CPE)range: <2026.3.1
    • (no CPE)range: < 2026.3.1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.