QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2026-28433

Back to search

CVE-2026-28433

Published: Mar 9, 2026

Modified: Mar 10, 2026

PUBLISHED

Description

Misskey is an open source, federated social media platform. All Misskey servers running versions 10.93.0 and later, but prior to 2026.3.1, contain a vulnerability that allows importing other users' data due to lack of ownership validation. The impact of this vulnerability is estimated to be relatively low, as bad actors would require the ID corresponding to the target file for import. This vulnerability is fixed in 2026.3.1.

VendorProductVersions

misskey-dev

misskey

affected
>= 10.93.0, < 2026.3.1

Weaknesses (CWE)

CWE-639
CWE-862

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now
CVE-2026-28433 - Security Vulnerability | QwikSec