Lucene search
K

4 matches found

NVD
NVD
added 2026/06/15 6:16 p.m.12 views

CVE-2026-47777

Mastodon is a free, open-source social network server based on ActivityPub. In versions there is a missing condition in the check if remote accounts consented to be featured in a remote Collection could lead to attackers bypassing the check and faking consent. An attacker could forge the...

7.5CVSS0.00167EPSS
Exploits0References2
CVE
CVE
added 2026/06/15 4:54 p.m.38 views

CVE-2026-47777

Affected product: Mastodon (open-source social network server). Vulnerable component: remote Collections feature logic for consent verification. Root cause: missing condition to ensure the FeatureAuthorization object on a remote account actually matches the Collection item, allowing forging of co...

7.5CVSS5.4AI score0.00167EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 4:54 p.m.8 views

EUVD-2026-36742

Mastodon is a free, open-source social network server based on ActivityPub. In versions there is a missing condition in the check if remote accounts consented to be featured in a remote Collection could lead to attackers bypassing the check and faking consent. An attacker could forge the...

7.5CVSS5.4AI score0.00167EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/15 4:54 p.m.40 views

CVE-2026-47777 Mastodon has a consent-check bypass in its remote Collections

Mastodon is a free, open-source social network server based on ActivityPub. In versions there is a missing condition in the check if remote accounts consented to be featured in a remote Collection could lead to attackers bypassing the check and faking consent. An attacker could forge the...

7.5CVSS0.00167EPSS
Exploits0References2
Rows per page
Query Builder