CVE-2026-33869

Medium CVSS: 4.8

Mastodon is a free, open-source social network server based on ActivityPub. In versions on the 4.5.x branch prior to 4.5.8 and on the 4.4.x branch prior to 4.4.15, an attacker that knows of a quote before it has reached a server can prevent it from being correctly processed on that server. The vulnerability has been patched in Mastodon 4.5.8 and 4.4.15. Mastodon 4.3 and earlier are not affected because they do not support quotes.

Vendor

Joinmastodon

Product

Mastodon

CWE

CWE-863

Yayın Tarihi

2026-03-27 20:16:34

Güncelleme

2026-03-30 19:12:07

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-863 Mastodon MEDIUM Joinmastodon 2026

Referanslar

https://github.com/mastodon/mastodon/security/advisories/GHSA-q4g8-82c5-9h33

Benzer Kayıtlar

Medium

CVE-2026-33868

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.8, 4.4.15, and 4.3.21,…

Medium

CVE-2026-27477

Mastodon is a free, open-source social network server based on ActivityPub. FASP registration requires manual approval b…

Medium

CVE-2026-27468

Mastodon is a free, open-source social network server based on ActivityPub. FASP registration requires manual approval b…

Medium

CVE-2026-25540

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.3.19, 4.4.13, 4.5.6, Mas…

High

CVE-2026-23962

Mastodon is a free, open-source social network server based on ActivityPub. Mastodon versions before v4.3.18, v4.4.12, a…

Medium

CVE-2026-23963

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.5.5, 4.4.12, and 4.3.18,…