CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-57575

unknowncovered by 1 sourcefirst seen 2026-07-10
Misskey is an open source, federated social media platform. Prior to 2026.6.0, Misskey contains a Server-Side Request Forgery (SSRF) vulnerability in URL preview functionality in UrlPreviewService. Due to missing network restrictions before establishing outbound connections, a remote attacker can cause the Misskey server to initiate HTTP requests to loopback, private, or link-local services. Because IP address validation takes place after the request has been sent and the process is subsequently rejected, no sensitive internal data is believed to be transmitted back or exposed to the attacker. This issue is fixed in version 2026.6.0.

⚡ Watch CVE-2026-57575

Get an email if CVE-2026-57575 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Advisory coverage (1)

External references

NVD record for CVE-2026-57575

CVE.org record

Embed the live status

CVE-2026-57575 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-57575 status](https://www.csirts.com/badge/CVE-2026-57575)](https://www.csirts.com/cve/CVE-2026-57575)