CVE-2026-28432 Misskey — Exploit & Vulnerability Details HIGH

CVE-2026-28432

HIGH CVSS 4.0: 7.1 EPSS 0.02%

Parameter	Value
CVSS	7.1 (HIGH)
Affected Versions	before 2026.3.1
Fixed In	2026.3.1
Type	CWE-347 (Improper Verification of Cryptographic Signature)
Vendor	Misskey
Public PoC	No

Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that allows bypassing HTTP signature verification. Although this is a vulnerability related to federation, it affects all servers regardless of whether federation is enabled or disabled.

This vulnerability is fixed in 2026.3.1.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Attack Requirements

None

No additional conditions

Privileges Required

None

No privileges needed

User Interaction

Passive

Minimal interaction

Impact Assessment

Confidentiality

Low

Partial data leak

Integrity

High

Complete data modification

Availability

None

No disruption

CVSS Vector v4.0

Weakness Type (CWE)

CWE-347 Improper Verification of Cryptographic Signature

Vulnerable Products 1

Configuration	From (including)	Up to (excluding)
Misskey Misskey cpe:2.3:a:misskey:misskey::::::::	—	`2026.3.1`

References 1

https://github.com/misskey-dev/misskey/security/advisories/GHSA-grwc-c762-gcvp

security-advisories@github.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-28433

Misskey

2.3

CVE-2026-28431

Misskey

9.2

Menu

CVE-2026-28432

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

Vulnerable Products 1

References 1

Related Vulnerabilities

CVE-2026-28433

CVE-2026-28431

CVE Details

Editor's Choice

Menu

CVE-2026-28432

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

Vulnerable Products 1

References 1

Related Vulnerabilities

CVE-2026-28433

CVE-2026-28431

CVE Details

Editor's Choice

Stay informed on cybersecurity