CVE-2026-33869
MEDIUM 4.8
Description
Mastodon is a free, open-source social network server based on ActivityPub. In versions on the 4.5.x branch prior to 4.5.8 and on the 4.4.x branch prior to 4.4.15, an attacker that knows of a quote before it has reached a server can prevent it from being correctly processed on that server. The vulnerability has been patched in Mastodon 4.5.8 and 4.4.15. Mastodon 4.3 and earlier are not affected because they do not support quotes.
CVE Details
CVSS v3.1 Score: 4.8
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
Attack Vector: NETWORK
Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Published: 3/27/2026
Last Modified: 3/30/2026
Source: nvd
Honeypot Sightings: 0
Affected Products
joinmastodon:mastodon
Weaknesses (CWE)
CWE-863
References
https://github.com/mastodon/mastodon/security/advisories/GHSA-q4g8-82c5-9h33 (security-advisories@github.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.