PT-2026-28542 · Mastodon · Mastodon

Clearlyclaire · Published 2026-03-27 · Updated 2026-03-31 · CVE-2026-33869

CVSS v3.1: 4.8 (Medium)

Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Mastodon versions 4.5.0 through 4.5.7
Mastodon versions 4.4.0 through 4.4.14

Description

Mastodon is a free, open-source social network server based on ActivityPub. An attacker who is aware of a quote before it has reached a server can prevent the quote from being correctly processed on that server. This issue affects versions 4.5.x prior to 4.5.8 and 4.4.x prior to 4.4.15. Versions 4.3 and earlier are not affected as they do not support quotes.

Recommendations

Update Mastodon to version 4.5.8 or later.
Update Mastodon to version 4.4.15 or later.

Exploit

Fix

Weakness Enumeration

Incorrect Authorization

Related Identifiers

BIT-MASTODON-2026-33869
CVE-2026-33869
GHSA-Q4G8-82C5-9H33

Affected Products

Mastodon