Primary

Context

Misskey HTTP Signature Verification Bypass Vulnerability

Vulnerability

Patched

A vulnerability exists in Misskey servers prior to version 2026.3.1 that allows for bypassing HTTP signature verification. This issue, while related to federation, impacts all servers regardless of their federation settings. The vulnerability has been addressed in version 2026.3.1.

Impact

Exploitation of this vulnerability allows for the bypass of HTTP signature verification, which could lead to unauthorized actions being performed on behalf of a user or server.

Remediation

Users are advised to update to Misskey version 2026.3.1 or later.

Added: Mar 10, 2026, 7:50 AM

Updated: Mar 10, 2026, 7:50 AM

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

0.6

exploitability

8.3

remediation

7.7

relevance

3.7

threat

0.0

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

0.6

exploitability

8.3

remediation

7.7

relevance

3.7

threat

0.0

urgency

2.9

incentive

8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Misskey HTTP Signature Verification Bypass Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Misskey

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating