
8 matches found

Cvelist
added 2026/03/09 9:19 p.m., 34 views

CVE-2026-28432 HTTP signature verification can be bypassed

Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that allows bypassing HTTP signature verification. Although this is a vulnerability related to federation, it affects all servers regardless of whether federation is enabled o...

CVSS 7.1, EPSS 0.00019
Exploits: 0, References: 1

Vulnrichment
added 2026/03/09 9:19 p.m., 0 views

CVE-2026-28432 HTTP signature verification can be bypassed

Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that allows bypassing HTTP signature verification. Although this is a vulnerability related to federation, it affects all servers regardless of whether federation is enabled o...

CVSS 7.1, AI score 5.8, EPSS 0.00019
Exploits: 0, References: 1

EUVD
added 2026/03/09 9:19 p.m., 0 views

EUVD-2026-10368

Misskey is an open source, federated social media platform. All Misskey servers prior to 2026.3.1 contain a vulnerability that allows bypassing HTTP signature verification. Although this is a vulnerability related to federation, it affects all servers regardless of whether federation is enabled o...

CVSS 7.1, AI score 5.8, EPSS 0.00019
Exploits: 0, References: 1

CVE
added 2026/03/09 9:19 p.m., 3 views

CVE-2026-28432

CVE-2026-28432: Misskey HTTP signature verification bypass. Affects Misskey servers prior to 2026.3.1, allowing bypass of HTTP signature verification (federation-related vulnerability that affects all servers, regardless of federation enablement). Root cause: bypass of the HTTP signature check. ...

CVSS 7.5, AI score 5.8, EPSS 0.00019
Exploits: 0, References: 1, Affected Software: 1

Positive Technologies
added 2026/03/09 12:0 a.m., 1 views

PT-2026-24121

Name of the Vulnerable Software and Affected Versions Misskey versions prior to 2026.3.1 Description Misskey is a federated social media platform. All servers prior to version 2026.3.1 are susceptible to an issue that allows bypassing HTTP signature verification. This affects all servers, even...

CVSS 7.5, AI score 5.8, EPSS 0.00019
Exploits: 0, References: 8

Positive Technologies
added 2025/11/13 12:0 a.m., 1 views

PT-2025-46850

Name of the Vulnerable Software and Affected Versions ZITADEL versions 2.50.0 through 2.71.18 ZITADEL versions 3.0.0-rc.1 through 3.4.3 ZITADEL versions 4.0.0-rc.1 through 4.6.5 Description ZITADEL, an open source identity management platform, has a flaw in its federation process. This issue allo...

CVSS 9.8, AI score 6.5, EPSS 0.00702
Exploits: 0, References: 14

RedhatCVE
added 2025/05/22 8:57 a.m., 4 views

CVE-2013-2279

CA SiteMinder Federation FSS 12.5, 12.0, and r6; Federation Standalone 12.1 and 12.0; Agent for SharePoint 2010; and SiteMinder for Secure Proxy Server 6.0, 12.0, and 12.5 does not properly verify XML signatures for SAML statements, which allows remote attackers to spoof other users and gain...

CVSS 7.5, AI score 7.1, EPSS 0.00585
Exploits: 0, References: 1

Vulnrichment
added 2024/12/03 4:58 p.m., 16 views

CVE-2024-52815 Synapse allows a malformed invite to break the invitee's `/sync`

Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Synapse 1.120.1 rejects su...

CVSS 8.7, AI score 6.8, EPSS 0.00353
Exploits: 0, References: 1