PT-2026-34728 · Mastodon · Mastodon

Evgeny Kopytin

Published

2026-04-01

Updated

2026-04-27

CVE-2026-41259

CVSS v4.0

8.2

High

Vector

AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Mastodon versions prior to 4.5.9 Mastodon versions prior to 4.4.16 Mastodon versions prior to 4.3.22

Description Mastodon allows restricting new user sign-up based on e-mail domain names and performs basic validation on e-mail addresses, but it fails to restrict characters that some mailing servers interpret differently.

Recommendations Update to version 4.5.9 Update to version 4.4.16 Update to version 4.3.22

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-841

Related Identifiers

BDU:2026-06821

BIT-MASTODON-2026-41259

CVE-2026-41259

Affected Products

Mastodon

PT-2026-34728 · Mastodon · Mastodon

CVE-2026-41259

Weakness Enumeration

Related Identifiers

Affected Products

References · 8