CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-57574

unknowncovered by 1 sourcefirst seen 2026-07-10
Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains a vulnerability in Time-based One-Time Password (TOTP) authentication in UserAuthService where insufficient validation of used tokens allows the reuse of a single-use code within its valid time step. If both credentials and a TOTP code are obtained concurrently, an attacker may reuse the code to perform unauthorized actions, potentially leading to account takeover. This issue is fixed in version 2026.6.0.

⚡ Watch CVE-2026-57574

Get an email if CVE-2026-57574 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Advisory coverage (1)

External references

NVD record for CVE-2026-57574

CVE.org record

Embed the live status

CVE-2026-57574 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-57574 status](https://www.csirts.com/badge/CVE-2026-57574)](https://www.csirts.com/cve/CVE-2026-57574)