Misskey Vulnerabilities
Comprehensive security vulnerability database for Misskey products
3
1
2
3
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2026-28433 | 2.3 | This vulnerability allows an attacker to import other users' data from Misskey servers, but they need to know the specific ID of the file they want to access. While the risk is considered low, it still poses a potential privacy issue for users on affected versions of the platform. | misskeymisskey | Theoretical | 28 days agoMar 10, 2026 |
| CVE-2026-28432 | 7.1 | An attacker can bypass security checks that verify the authenticity of messages sent between Misskey servers, which could allow them to send fake or malicious content. This vulnerability affects all Misskey servers, regardless of whether they are set up to communicate with other servers or not, and it has been fixed in the latest version. | misskeymisskey | Exploit Available | 28 days agoMar 10, 2026 |
| CVE-2026-28431 | 9.2 | This vulnerability allows attackers to access sensitive data on Misskey servers that they shouldn't be able to see, potentially leading to a major data breach. It affects all versions from 8.45.0 up to, but not including, 2026.3.1, regardless of whether the server's federation feature is turned on. | misskeymisskey | Exploit Available | 28 days agoMar 10, 2026 |
About Misskey Security
This page tracks all publicly disclosed security vulnerabilities (CVEs) affecting Misskey products. Our database is updated in real-time from the National Vulnerability Database (NVD) and enriched with exploit information from GitHub and other security research sources.
Each CVE listing includes CVSS severity scores, exploit availability status, AI-powered vulnerability summaries, and links to official patches and security advisories.