Misskey Data Access Vulnerability Due to Insufficient Permission Checks and Input Validation

Vulnerability

A vulnerability in Misskey, an open-source federated social media platform, allows unauthorized access to data on servers running versions 8.45.0 and later, but prior to 2026.3.1. This issue arises from inadequate permission checks and input validation, potentially leading to a significant data breach. The vulnerability exists regardless of whether federation is enabled.

Impact

Exploitation of this vulnerability could result in unauthorized data access, leading to a substantial data breach.

Remediation

Users are advised to update to Misskey version 2026.3.1 or later. There is no known workaround for this vulnerability.
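To find which servers in an inventory still need the update, the affected range stated above (8.45.0 and later, prior to 2026.3.1) can be checked mechanically. The following is an added example, not code from the Misskey project or from this advisory; the hostnames and version strings in the sample inventory are constructed, and treating pre-release builds of a boundary version as affected is a conservative assumption.

```python
import re

# Affected range as stated in the advisory: >= 8.45.0 and < 2026.3.1.
FIRST_AFFECTED = (8, 45, 0)
FIRST_FIXED = (2026, 3, 1)

# MAJOR.MINOR.PATCH with optional "v" prefix, "-prerelease" and "+build" parts.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+.*)?$")


def parse_version(text):
    """Return ((major, minor, patch), prerelease_or_None); ValueError if unparseable."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) for g in m.group(1, 2, 3)), m.group(4)


def classify(version_text):
    """Return 'affected', 'fixed', 'not-affected', or 'review' for one version string."""
    try:
        core, prerelease = parse_version(version_text)
    except ValueError:
        return "review"  # cannot be compared; needs a human look
    if core < FIRST_AFFECTED:
        return "not-affected"
    if core < FIRST_FIXED:
        return "affected"
    if core == FIRST_FIXED and prerelease:
        # Assumption: a pre-release of 2026.3.1 sorts before it, so it is
        # still "prior to 2026.3.1" and is treated as affected.
        return "affected"
    return "fixed"


def triage(inventory):
    """Group hostnames by classification; inventory maps hostname -> version string."""
    groups = {}
    for host, version in sorted(inventory.items()):
        groups.setdefault(classify(version), []).append(host)
    return groups


# Constructed sample inventory (not real servers).
SAMPLE_INVENTORY = {
    "legacy.example.org": "8.44.9",
    "social.example.org": "13.14.2",
    "staging.example.org": "2026.3.1-beta.1",
    "main.example.org": "2026.3.1",
    "unknown.example.org": "custom-build",
}
```

Hosts returned under "review" carry a version string that could not be compared and should be checked by hand.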

Added: Mar 10, 2026, 7:52 AM
Updated: Mar 10, 2026, 7:52 AM

Vulnerability Rating

Custom Algorithm
spread: 2.2
impact: 2.5
exploitability: 7.6
remediation: 7.7
relevance: 3.7
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.