CVE-2026-57574 in Misskey정보

요약

\~에 의해 MITRE • 2026. 07. 11.

Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains a vulnerability in Time-based One-Time Password (TOTP) authentication in UserAuthService where insufficient validation of used tokens allows the reuse of a single-use code within its valid time step. If both credentials and a TOTP code are obtained concurrently, an attacker may reuse the code to perform unauthorized actions, potentially leading to account takeover. This issue is fixed in version 2026.6.0.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

책임이 있는

GitHub M

예약하다

2026. 06. 24.

모더레이션

수락

항목

VDB-377646

EPSS

0.00000

출처

Interested in the pricing of exploits?

See the underground prices here!