https://www.openwall.com/lists/oss-security/2026/03/09/7
> Misskey and Sharkey, ActivityPub-based social network services (similar to Mastodon), have released updates to patch vulnerabilities Sharkey maintainers describe as "extremely severe".
Details have not been not published yet but "missing permission checks" and "authentication bypass" sound like vulnerabilities that could be prevented by following recommendations from [FEP-fe34: Origin-based security model](https://codeberg.org/fediverse/fep/src/branch/main/fep/fe34/fep-fe34.md ).
silverpill
npub19y…5wysk
2026-03-09 21:01:39 UTC
Author Public Key
npub19yg7mshq9vdtvvcm48svw03cmzewue4jug62cltnleh3y78khz5sm5wyskSeen on
wss://relay.momostr.pinkPublished at
2026-03-09 21:01:39 UTCEvent JSON
{
"id": "b49f783917c8e1b6c682318ed907776c9f39e196921fe4b604d96037569bfd93",
"pubkey": "2911edc2e02b1ab6331ba9e0c73e38d8b2ee66b2e234ac7d73fe6f1278f6b8a9",
"created_at": 1773090099,
"kind": 1,
"tags": [
[
"proxy",
"https://mitra.social/objects/019cd467-d2f6-e7c3-b5af-6f15c6ac14bd",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://mitra.social/objects/019cd467-d2f6-e7c3-b5af-6f15c6ac14bd",
"pink.momostr"
],
[
"-"
]
],
"content": "https://www.openwall.com/lists/oss-security/2026/03/09/7\n\n\u003e Misskey and Sharkey, ActivityPub-based social network services (similar to Mastodon), have released updates to patch vulnerabilities Sharkey maintainers describe as \"extremely severe\".\n\nDetails have not been not published yet but \"missing permission checks\" and \"authentication bypass\" sound like vulnerabilities that could be prevented by following recommendations from [FEP-fe34: Origin-based security model](https://codeberg.org/fediverse/fep/src/branch/main/fep/fe34/fep-fe34.md ).",
"sig": "34b28a93e120c8ab9d88e1045a6514cf85aa2cda00e85dcd380fc600fe57230d9ecee9c4509a0a48d48b47cc8bfb302c06c987aef43e4d7d3675a16b892a2282"
}