CVE-2026-33869

EPSS 0.05%
Veröffentlicht 27.03.2026 19:52:21
Zuletzt bearbeitet 30.03.2026 19:12:07
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Mastodon is a free, open-source social network server based on ActivityPub. In versions on the 4.5.x branch prior to 4.5.8 and on the 4.4.x branch prior to 4.4.15, an attacker that knows of a quote before it has reached a server can prevent it from being correctly processed on that server. The vulnerability has been patched in Mastodon 4.5.8 and 4.4.15. Mastodon 4.3 and earlier are not affected because they do not support quotes.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Joinmastodon ≫ Mastodon Version >= 4.4.0 < 4.4.15

Joinmastodon ≫ Mastodon Version >= 4.5.0 < 4.5.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.165

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	4.8	2.2	2.5	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://github.com/mastodon/mastodon/security/advisories/GHSA-q4g8-82c5-9h33

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-33869

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-33869

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-33869

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-33869