Damus
silverpill
@silverpill
https://www.openwall.com/lists/oss-security/2026/03/09/7

Misskey and Sharkey, ActivityPub-based social network services (similar to Mastodon), have released updates to patch vulnerabilities Sharkey maintainers describe as "extremely severe".

Details have not been published yet, but "missing permission checks" and "authentication bypass" sound like vulnerabilities that could be prevented by following recommendations from FEP-fe34: Origin-based security model.
Phantasm · 1w
nostr:nprofile1qy2hwumn8ghj7un9d3shjtnyd968gmewwp6kyqpqdf0nthpgzfmvxrzj0cfypmmt45l0y770j260auqhm3l45hp3uhkqvrnptm It's nothing serious or severe. You could see posts you weren't supposed to if you were blocked and probably not a follower. And an HTTP signatures bypass. https://activitypub.software/...