CVE-2026-33869
Last modified
CVE-2026-33869 is a medium-severity vulnerability rated 4.8/10 on the CVSS scale. Mastodon is a free, open-source social network server based on ActivityPub. In versions on the 4.5.x branch prior to 4.5.8 and on the 4.4.x branch prior to 4.4.15, an attacker that knows of a quote before it has reached a server can prevent it from being correctly processed on that server. EPSS estimates a 0.17% chance of exploitation in the next 30 days.
Description
Mastodon is a free, open-source social network server based on ActivityPub. In versions on the 4.5.x branch prior to 4.5.8 and on the 4.4.x branch prior to 4.4.15, an attacker that knows of a quote before it has reached a server can prevent it from being correctly processed on that server. The vulnerability has been patched in Mastodon 4.5.8 and 4.4.15. Mastodon 4.3 and earlier are not affected because they do not support quotes.
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Joinmastodon | Mastodon | >= 4.4.0, < 4.4.15 |
| Joinmastodon | Mastodon | >= 4.5.0, < 4.5.8 |
References
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2026-33869?
How severe is CVE-2026-33869?
How do I fix CVE-2026-33869?
Are you affected by CVE-2026-33869?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST