Nexkey Authentication Bypass Vulnerability in Job Queue Dashboard

Vulnerability

An authentication bypass vulnerability has been identified in Nexkey, a fork of Misskey, prior to version 12.121.9. The issue arises from incomplete URL validation, which allows users to bypass authentication and access the job queue dashboard. This vulnerability could lead to unauthorized access to sensitive information, such as direct messages and follower-only posts, as well as potential server overload by causing repeated retries of failed jobs.

Impact

Exploitation of this vulnerability could result in unauthorized access to the Bull dashboard, allowing attackers to view sensitive user information and overload the server by repeatedly retrying failed jobs.

Remediation

Users can upgrade to Nexkey version 12.121.9 or later to address this vulnerability. As an additional measure, access to the '/queue' path can be blocked using Cloudflare's Web Application Firewall.
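To check whether the dashboard was reached before the upgrade or the WAF rule was in place, the reverse-proxy access log can be searched for requests under '/queue'. The Python below is an added example, not code from Nexkey or from this advisory; it assumes combined-format access logs, the sample lines are constructed, and because the advisory does not describe the URL form that passes validation, paths are normalized before matching.

```python
import re
from collections import Counter
from posixpath import normpath
from urllib.parse import unquote

PREFIX = "/queue"  # dashboard path named in the advisory
# Assumed log layout: combined log format written by a reverse proxy.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Constructed sample lines (documentation addresses, made-up paths).
SAMPLE_LOG = """\
203.0.113.7 - - [11/Mar/2026:18:02:11 +0000] "GET /queue HTTP/1.1" 200 5120 "-" "curl/8.5.0"
203.0.113.7 - - [11/Mar/2026:18:02:15 +0000] "GET /queue/constructed-subpath?page=1 HTTP/1.1" 200 2048 "-" "curl/8.5.0"
198.51.100.4 - - [11/Mar/2026:18:03:00 +0000] "GET /queue HTTP/1.1" 403 162 "-" "Mozilla/5.0"
192.0.2.9 - - [11/Mar/2026:18:04:41 +0000] "GET /notes/9abc HTTP/1.1" 200 812 "-" "Mozilla/5.0"
192.0.2.9 - - [11/Mar/2026:18:04:50 +0000] "GET /queued-posts HTTP/1.1" 200 300 "-" "Mozilla/5.0"
"""


def normalize_path(target):
    """Drop the query string, percent-decode, and collapse '.', '..' and
    repeated or trailing slashes so equivalent spellings compare equal."""
    raw = target.split("?", 1)[0]
    return normpath("/" + unquote(raw)).replace("//", "/")


def audit(log_text):
    """Return (hits, served): every request under PREFIX, and per-client
    counts of those answered with a 2xx status."""
    hits, served = [], Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, method, target, status = m.group(1, 2, 3, 4)
        path = normalize_path(target)
        if path == PREFIX or path.startswith(PREFIX + "/"):
            hits.append((client, method, path, int(status)))
            if 200 <= int(status) < 300:
                served[client] += 1
    return hits, served


if __name__ == "__main__":
    hits, served = audit(SAMPLE_LOG)
    for hit in hits:
        print(*hit)
    for client, count in served.most_common():
        print(f"{client}: {count} dashboard request(s) served")
```

A 2xx entry for a client that is not a known administrator is the case to investigate; a high per-client count also matches the repeated-retry load described under Impact.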

Added: Mar 11, 2026, 7:10 PM
Updated: Mar 11, 2026, 7:10 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 5.3
remediation: 7.9
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.