CVE-2026-28431

Severity: HIGH

CVSS v3: 7.5 (HIGH)

EPSS Score (exploit probability): 0.0%

CISA KEV (known exploited): No

Exploitation

SSVC status

Description

Misskey is an open source, federated social media platform. All Misskey servers running versions 8.45.0 and later, but prior to 2026.3.1, contain a vulnerability that allows bad actors to access data they ordinarily would not be able to access, due to insufficient permission checks and a lack of proper input validation. The vulnerability occurs regardless of whether federation is enabled. It could lead to a significant data breach. It is fixed in 2026.3.1.

Technical Details

CVSS v3 Vector: 3.1

Published: 3/10/2026

Last Modified: 3/13/2026

Frequently Asked Questions

What is CVE-2026-28431?

Misskey is an open source, federated social media platform. All Misskey servers running versions 8.45.0 and later, but prior to 2026.3.1, contain a vulnerability that allows bad actors to access data they ordinarily would not be able to access, due to insufficient permission checks and a lack of proper input validation. The vulnerability occurs regardless of whether federation is enabled. It could lead to a significant data breach. It is fixed in 2026.3.1.

Is CVE-2026-28431 actively exploited?

Active exploitation of CVE-2026-28431 has not been confirmed. The EPSS score, which estimates the probability of exploitation in the next 30 days, is 0.0%.

What is the CVSS score for CVE-2026-28431?

CVE-2026-28431 has a CVSS v3 base score of 7.5 (HIGH severity), with vector string 3.1.
