PT-2026-7177 · Hollo · Hollo

Aliceif · Published 2026-02-09 · Updated 2026-02-28 · CVE-2026-25808

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Hollo versions prior to 0.6.20
Hollo versions prior to 0.7.2

Description

Hollo is a federated single-user microblogging software that utilizes ActivityPub for federation. A security issue exists where direct messages (DMs) and posts restricted to followers were exposed through the ActivityPub outbox endpoint without proper authorization. This allowed unauthorized access to sensitive information. The issue affects the ActivityPub outbox endpoint.

Recommendations

Update to Hollo version 0.6.20 or later.
Update to Hollo version 0.7.2 or later.

Weakness Enumeration

Missing Authorization

Related Identifiers

CVE-2026-25808
GHSA-6R2W-3PCJ-V4V5

Affected Products

Hollo