NIXPKGS-2026-0604

GitHub issue published 3 months, 2 weeks ago

Permalink CVE-2026-28432

updated 3 months, 2 weeks ago by @mweinelt Activity log

Created suggestion 3 months, 2 weeks ago
@mweinelt added
6 maintainers
- @wegank
- @Prince213
- @OPNA2608
- @fricklerhandwerk
- @ethancedwards8
- @eljamm
3 months, 2 weeks ago maintainer.add
@mweinelt accepted 3 months, 2 weeks ago
@mweinelt published on GitHub 3 months, 2 weeks ago

HTTP signature verification can be bypassed

Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that allows bypassing HTTP signature verification. Although this is a vulnerability related to federation, it affects all servers regardless of whether federation is enabled or disabled. This vulnerability is fixed in 2026.3.1.

References

https://github.com/misskey-dev/misskey/security/advisories/GHSA-grwc-c762-gcvp x_refsource_CONFIRM

Affected products

misskey

==< 2026.3.1

Matching in nixpkgs

pkgs.misskey

Open source, federated social media platform

nixos-unstable 2025.12.2
- nixpkgs-unstable 2025.12.2
- nixos-unstable-small 2025.12.2

Package maintainers

@wegank Weijia Wang <contact@weijia.wang>
@feathecutie feathecutie
@eljamm Fedi Jamoussi <fedi.jamoussi@protonmail.ch>
@phanirithvij Phani Rithvij <phanirithvij2000@gmail.com>
@Prince213 Sizhe Zhao <prc.zhao@outlook.com>
@ethancedwards8 Ethan Carter Edwards <ethan@ethancedwards.com>

Additional maintainers

@wegank Weijia Wang <contact@weijia.wang>
@Prince213 Sizhe Zhao <prc.zhao@outlook.com>
@OPNA2608 Cosima Neidahl <opna2608@protonmail.com>
@fricklerhandwerk Valentin Gagarin <valentin@fricklerhandwerk.de>
@ethancedwards8 Ethan Carter Edwards <ethan@ethancedwards.com>
@eljamm Fedi Jamoussi <fedi.jamoussi@protonmail.ch>

https://github.com/misskey-dev/misskey/security/advisories/GHSA-grwc-c762-gcvp