CVE-2026-33869 in Mastodon
摘要 (英语)
Mastodon is a free, open-source social network server based on ActivityPub. In versions on the 4.5.x branch prior to 4.5.8 and on the 4.4.x branch prior to 4.4.15, an attacker that knows of a quote before it has reached a server can prevent it from being correctly processed on that server. The vulnerability has been patched in Mastodon 4.5.8 and 4.4.15. Mastodon 4.3 and earlier are not affected because they do not support quotes.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
负责
GitHub_M
预定
2026-03-24
披露
2026-03-27
状态
已确认
条目
VulDB provides additional information and datapoints for this CVE:
| 标识符 | 漏洞 | CWE | 可利用 | 对策 | CVE |
|---|---|---|---|---|---|
| 354024 | Mastodon 权限提升 | 863 | 未定义 | 官方修复 | CVE-2026-33869 |