CVE-2026-33869

MEDIUM

4.8

Descripcion

Mastodon is a free, open-source social network server based on ActivityPub. In versions on the 4.5.x branch prior to 4.5.8 and on the 4.4.x branch prior to 4.4.15, an attacker that knows of a quote before it has reached a server can prevent it from being correctly processed on that server. The vulnerability has been patched in Mastodon 4.5.8 and 4.4.15. Mastodon 4.3 and earlier are not affected because they do not support quotes.

Detalles CVE

Puntuacion CVSS v3.14.8

SeveridadMEDIUM

Vector CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

Vector de ataqueNETWORK

ComplejidadHIGH

Privilegios requeridosNONE

Interaccion usuarioNONE

Publicado3/27/2026

Ultima modificacion3/30/2026

Fuentenvd

Avistamientos honeypot0

Productos afectados

joinmastodon:mastodon

Debilidades (CWE)

CWE-863

Referencias

https://github.com/mastodon/mastodon/security/advisories/GHSA-q4g8-82c5-9h33(security-advisories@github.com)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.