PT-2026-3901 · Mastodon · Mastodon
Daprice · Published 2026-01-22 · Updated 2026-02-03
CVE-2026-23963
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Mastodon versions prior to 4.5.5
Mastodon versions prior to 4.4.12
Mastodon versions prior to 4.3.18
Description
Mastodon, a free and open-source social network server based on ActivityPub, does not limit the length of names for lists or filters, or for filter keywords. This allows a user to set an excessively long string as a name or keyword, potentially causing disproportionate storage and computing resource usage. A user can render their own web interface unusable, though this requires intentional action or approval of a malicious API client.
Recommendations
Update to Mastodon version 4.5.5 or later.
Update to Mastodon version 4.4.12 or later.
Update to Mastodon version 4.3.18 or later.
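To check an instance's version against the three fixed releases listed above, the following Ruby sketch may help. It is an added example, not code from the advisory or from Mastodon; the function name, the sample inventory, and the reading that each "prior to" line applies to its own minor branch are assumptions.

```ruby
require "rubygems" # Gem::Version ships with Ruby

# First fixed release on each branch, taken from the advisory text.
# Assumption: each "prior to X" line applies to X's own minor branch.
FIXED_IN = {
  [4, 5] => Gem::Version.new("4.5.5"),
  [4, 4] => Gem::Version.new("4.4.12"),
  [4, 3] => Gem::Version.new("4.3.18"),
}.freeze
OLDEST_BRANCH = FIXED_IN.keys.min
NEWEST_BRANCH = FIXED_IN.keys.max

# Returns :affected, :not_affected or :unknown for a Mastodon version string.
def cve_2026_23963_status(version_string)
  # Strip a leading "v" and build metadata ("+fork"), which Gem::Version rejects.
  core = version_string.to_s.strip.sub(/\Av/, "").split("+", 2).first
  return :unknown if core.nil? || core.empty? || !Gem::Version.correct?(core)

  version = Gem::Version.new(core)
  branch = (version.segments + [0, 0]).first(2)
  return :unknown unless branch.all?(Integer)

  # Branches older than the oldest listed one are prior to 4.3.18: affected.
  return :affected if (branch <=> OLDEST_BRANCH) < 0
  # Branches newer than the newest listed one are not "prior to 4.5.5".
  return :not_affected if (branch <=> NEWEST_BRANCH) > 0

  fixed = FIXED_IN[branch]
  return :unknown if fixed.nil?

  version < fixed ? :affected : :not_affected
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inventory: hostnames and versions are sample values.
  inventory = {
    "social.example" => "4.5.4",
    "fedi.example" => "4.4.12",
    "old.example" => "4.2.10+fork",
  }
  inventory.each do |host, reported|
    puts format("%-16s %-14s %s", host, reported, cve_2026_23963_status(reported))
  end
end
```

A plain comparison against 4.5.5 alone would wrongly flag patched 4.4.12 and 4.3.18 instances, which is why the check is done per branch.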
Weakness Enumeration
Allocation of Resources Without Limits
Affected Products
Mastodon