NIXPKGS-2026-0614

GitHub issue published 3 months, 2 weeks ago

Permalink CVE-2026-28433

updated 3 months, 2 weeks ago by @mweinelt Activity log

Created suggestion 3 months, 2 weeks ago
@mweinelt added
5 maintainers
- @wegank
- @Prince213
- @phanirithvij
- @ethancedwards8
- @eljamm
3 months, 2 weeks ago maintainer.add
@mweinelt accepted 3 months, 2 weeks ago
@mweinelt published on GitHub 3 months, 2 weeks ago

Misskey lacks resource ownership validation

Misskey is an open source, federated social media platform. All Misskey servers running versions 10.93.0 and later, but prior to 2026.3.1, contain a vulnerability that allows importing other users' data due to lack of ownership validation. The impact of this vulnerability is estimated to be relatively low, as bad actors would require the ID corresponding to the target file for import. This vulnerability is fixed in 2026.3.1.

References

https://github.com/misskey-dev/misskey/security/advisories/GHSA-g6hj-33h7-6fq8 x_refsource_CONFIRM

Affected products

misskey

==>= 10.93.0, < 2026.3.1

Matching in nixpkgs

pkgs.misskey

Open source, federated social media platform

nixos-unstable 2025.12.2
- nixpkgs-unstable 2025.12.2
- nixos-unstable-small 2025.12.2

Package maintainers

@wegank Weijia Wang <contact@weijia.wang>
@feathecutie feathecutie
@eljamm Fedi Jamoussi <fedi.jamoussi@protonmail.ch>
@phanirithvij Phani Rithvij <phanirithvij2000@gmail.com>
@Prince213 Sizhe Zhao <prc.zhao@outlook.com>
@ethancedwards8 Ethan Carter Edwards <ethan@ethancedwards.com>

Additional maintainers

@wegank Weijia Wang <contact@weijia.wang>
@Prince213 Sizhe Zhao <prc.zhao@outlook.com>
@phanirithvij Phani Rithvij <phanirithvij2000@gmail.com>
@ethancedwards8 Ethan Carter Edwards <ethan@ethancedwards.com>
@eljamm Fedi Jamoussi <fedi.jamoussi@protonmail.ch>

https://github.com/misskey-dev/misskey/security/advisories/GHSA-g6hj-33h7-6fq8