Nixpkgs security tracker

Untriaged

Permalink CVE-2026-28432

created 1 month, 1 week ago Activity log

Created suggestion 1 month, 1 week ago

HTTP signature verification can be bypassed

Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that allows bypassing HTTP signature verification. Although this is a vulnerability related to federation, it affects all servers regardless of whether federation is enabled or disabled. This vulnerability is fixed in 2026.3.1.

References

https://github.com/misskey-dev/misskey/security/advisories/GHSA-grwc-c762-gcvp x_refsource_CONFIRM

Affected products

misskey

==< 2026.3.1

Matching in nixpkgs

pkgs.misskey

🌎 An interplanetary microblogging platform 🚀

nixos-unstable 2025.12.2
- nixpkgs-unstable 2025.12.2
- nixos-unstable-small 2025.12.2
nixos-25.11 2025.7.0
- nixos-25.11-small 2025.7.0
- nixpkgs-25.11-darwin 2025.7.0

Package maintainers

@feathecutie feathecutie

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.misskey

Package maintainers