Insufficient Permission Checks in Misskey by Misskey Dev
CVE-2026-28431
9.2CRITICAL
What is CVE-2026-28431?
Misskey, an open-source federated social media platform, is affected by a vulnerability that allows unauthorized access to sensitive data due to inadequate permission checks and insufficient input validation. This issue exists across all server versions from 8.45.0 up to but not including 2026.3.1, regardless of the federation feature being used. Remediation is available in version 2026.3.1, emphasizing the importance of timely updates to safeguard user data.
Affected Version(s)
misskey >= 8.45.0, < 2026.3.1
