PT-2026-7177 · Hollo · Hollo
Aliceif · Published 2026-02-09 · Updated 2026-02-28
CVE-2026-25808
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Hollo versions prior to 0.6.20
Hollo versions prior to 0.7.2
Description
Hollo is a federated single-user microblogging software that uses ActivityPub for federation. A security issue exists where direct messages (DMs) and posts restricted to followers were exposed through the ActivityPub outbox endpoint without proper authorization. This allowed unauthorized access to sensitive information. The issue affects the ActivityPub outbox endpoint.
Recommendations
Update to Hollo version 0.6.20 or later.
Update to Hollo version 0.7.2 or later.
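The authorization gap described above, as an added example that is not Hollo's own code: an outbox handler that classifies each ActivityPub activity by its `to`/`cc` addressing (public, followers-only, or direct) and serves only what the requester is allowed to see. The actor id, the followers collection URL and the sample activities are constructed assumptions.

```typescript
// Added example (not Hollo's code): audience-aware ActivityPub outbox filtering.
// Assumes the actor's followers collection lives at ACTOR + "/followers";
// the sample activities are constructed, not taken from Hollo.
const AS_PUBLIC = "https://www.w3.org/ns/activitystreams#Public";
const ACTOR = "https://example.test/@alice"; // hypothetical actor id
const FOLLOWERS = `${ACTOR}/followers`;

interface Activity {
  id: string;
  actor: string;
  to: string[];
  cc: string[];
}

// The requester; null when the outbox is fetched without authentication.
interface Viewer {
  id: string;
  isFollower: boolean;
}

type Audience = "public" | "followers" | "direct";

// Classify by addressing: Public in to/cc -> public; followers collection -> followers; else direct.
function audienceOf(a: Activity): Audience {
  const addressed = [...a.to, ...a.cc];
  if (addressed.includes(AS_PUBLIC)) return "public";
  if (addressed.includes(FOLLOWERS)) return "followers";
  return "direct";
}

// Vulnerable behaviour: every activity is served no matter who asks.
function unfilteredOutbox(all: Activity[]): Activity[] {
  return all;
}

// Fixed behaviour: keep only activities the requester is authorized to see.
function authorizedOutbox(all: Activity[], viewer: Viewer | null): Activity[] {
  return all.filter((a) => {
    if (viewer !== null && viewer.id === a.actor) return true; // owner sees everything
    const aud = audienceOf(a);
    if (aud === "public") return true;
    if (aud === "followers") return viewer !== null && viewer.isFollower;
    return viewer !== null && [...a.to, ...a.cc].includes(viewer.id); // direct: recipients only
  });
}

// Constructed sample outbox: one public post, one followers-only post, one DM to bob.
const SAMPLE: Activity[] = [
  { id: `${ACTOR}/1`, actor: ACTOR, to: [AS_PUBLIC], cc: [FOLLOWERS] },
  { id: `${ACTOR}/2`, actor: ACTOR, to: [FOLLOWERS], cc: [] },
  { id: `${ACTOR}/3`, actor: ACTOR, to: ["https://example.test/@bob"], cc: [] },
];
```

An unauthenticated fetch of the outbox should yield only the public post; the followers-only post and the DM require an authenticated follower or the addressed recipient respectively.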
Weakness Enumeration
Missing Authorization
Affected Products
Hollo