PT-2026-3900 · Mastodon · Mastodon

Ember-Ruby

Published 2026-01-22 · Updated 2026-02-03

CVE-2026-23962

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Mastodon versions prior to 4.3.18
Mastodon versions prior to 4.4.12
Mastodon versions prior to 4.5.5

Description

Mastodon is a free, open-source social network server based on ActivityPub. Versions of Mastodon prior to 4.3.18, 4.4.12, and 4.5.5 do not limit the maximum number of poll options for remote posts. This allows attackers to create polls with a very large number of options, which can significantly increase resource consumption. An attacker can cause disproportionate resource usage in both Mastodon servers and clients, potentially leading to a Denial of Service, either server-side or client-side.

Recommendations

Update to Mastodon version 4.3.18 or later.
Update to Mastodon version 4.4.12 or later.
Update to Mastodon version 4.5.5 or later.
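As an added illustration of the missing bound described above (this is not Mastodon's code, nor the fix shipped in 4.3.18/4.4.12/4.5.5), the Ruby validator below checks an incoming ActivityPub Question object and refuses it when the option count exceeds a cap, before doing any per-option work. The cap values, the names parse_remote_poll, accept_remote_poll?, poll_json and the sample payload are assumptions made for this example.

```ruby
require 'json'

# Added example, not Mastodon's own code. Assumed names: MAX_REMOTE_POLL_OPTIONS,
# MAX_OPTION_LENGTH, PollRejected, parse_remote_poll, accept_remote_poll?, poll_json.
MAX_REMOTE_POLL_OPTIONS = 20  # assumed cap; the advisory does not state Mastodon's value
MAX_OPTION_LENGTH = 100       # assumed cap on the text of a single option

class PollRejected < StandardError; end

# Validates an ActivityPub Question received from a remote server and returns
# { multiple: true/false, options: [String] }, or raises PollRejected.
# The option count is checked on the raw array before any per-option work,
# so an oversized poll is refused at constant cost once the JSON is decoded.
def parse_remote_poll(question)
  raise PollRejected, 'not a Question' unless question['type'] == 'Question'
  multiple = question.key?('anyOf')            # anyOf = multiple choice, oneOf = single choice
  raw = question[multiple ? 'anyOf' : 'oneOf']
  raise PollRejected, 'a poll needs at least two options' unless raw.is_a?(Array) && raw.size >= 2
  if raw.size > MAX_REMOTE_POLL_OPTIONS
    raise PollRejected, "too many options (#{raw.size} > #{MAX_REMOTE_POLL_OPTIONS})"
  end
  options = raw.map do |item|
    name = item.is_a?(Hash) ? item['name'] : nil
    raise PollRejected, 'option without a name' unless name.is_a?(String) && !name.strip.empty?
    raise PollRejected, 'option text too long' if name.length > MAX_OPTION_LENGTH
    name
  end
  raise PollRejected, 'duplicate options' if options.uniq.size != options.size
  { multiple: multiple, options: options }
end

# Convenience wrapper: true if the poll would be stored, false if it is rejected.
def accept_remote_poll?(question)
  parse_remote_poll(question)
  true
rescue PollRejected
  false
end

# Constructed sample: a Question with `count` options, serialised the way a
# federation payload would arrive (not captured from a real server).
def poll_json(count, key: 'oneOf')
  JSON.generate(
    'type' => 'Question', 'id' => 'https://example.invalid/polls/1',
    key => (1..count).map { |i| { 'type' => 'Note', 'name' => "Option #{i}" } }
  )
end

puts accept_remote_poll?(JSON.parse(poll_json(4)))       # true
puts accept_remote_poll?(JSON.parse(poll_json(10_000)))  # false, refused before per-option work
```

The cap only protects the step after JSON decoding; a request body size limit on the inbox endpoint is the complementary control that bounds the decoding cost itself.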

Exploit

Fix

DoS

Allocation of Resources Without Limits


Weakness Enumeration

Related identifiers

BIT-MASTODON-2026-23962
CVE-2026-23962
GHSA-GG8Q-RCG7-P79G

Affected products

Mastodon