← Retour aux CVEs
CVE-2026-33869
MEDIUM4.8
Description
Mastodon is a free, open-source social network server based on ActivityPub. In versions on the 4.5.x branch prior to 4.5.8 and on the 4.4.x branch prior to 4.4.15, an attacker that knows of a quote before it has reached a server can prevent it from being correctly processed on that server. The vulnerability has been patched in Mastodon 4.5.8 and 4.4.15. Mastodon 4.3 and earlier are not affected because they do not support quotes.
Details CVE
Score CVSS v3.14.8
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
Vecteur d'attaqueNETWORK
ComplexiteHIGH
Privileges requisNONE
Interaction utilisateurNONE
Publie3/27/2026
Derniere modification3/30/2026
Sourcenvd
Observations honeypot0
Produits affectes
joinmastodon:mastodon
Faiblesses (CWE)
CWE-863
References
https://github.com/mastodon/mastodon/security/advisories/GHSA-q4g8-82c5-9h33(security-advisories@github.com)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.