Lucene search
K

11 matches found

OSV
OSV
added 2026/07/06 5:55 a.m.4 views

BIT-MASTODON-2026-48028 Mastodon: Removal of integrity-protected JSON entries from signed activities

Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incoming activities signed with Linked-Data Signatures does not sufficiently protect the activities from a certain class of spoofing, allowing threat actors...

6.5CVSS6AI score0.00124EPSS
Exploits0References2
OSV
OSV
added 2026/07/06 5:55 a.m.3 views

BIT-MASTODON-2026-46349 Mastodon: LD-Signature Bypass via JSON-LD Named-Graph Restructuring

Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incoming activities signed with Linked-Data Signatures does not sufficiently protect the activities from a certain class of spoofing, allowing attackers to...

5.3CVSS6AI score0.00162EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 8:16 p.m.9 views

CVE-2026-46349

Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incoming activities signed with Linked-Data Signatures does not sufficiently protect the activities from a certain class of spoofing, allowing attackers to...

5.3CVSS0.00162EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 8:16 p.m.6 views

CVE-2026-48028

Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incoming activities signed with Linked-Data Signatures does not sufficiently protect the activities from a certain class of spoofing, allowing threat actors...

6.5CVSS0.00124EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 7:48 p.m.21 views

CVE-2026-50128

Mastodon is a free, open-source social network server based on ActivityPub. From 4.3.0 until 4.5.11 and 4.4.18, Mastodon has a feature to let websites credit authors of their articles. To prevent false attribution claims, Mastodon uses the attributionDomains JSON-LD term, however, an error in how...

5.3CVSS5.9AI score0.00129EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/24 7:48 p.m.19 views

CVE-2026-50128 Mastodon: Spoofing of attribution domains

Mastodon is a free, open-source social network server based on ActivityPub. From 4.3.0 until 4.5.11 and 4.4.18, Mastodon has a feature to let websites credit authors of their articles. To prevent false attribution claims, Mastodon uses the attributionDomains JSON-LD term, however, an error in how...

5.3CVSS0.00129EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 7:48 p.m.16 views

CVE-2026-50128

Mastodon vulnerability CVE-2026-50128 affects versions 4.3.0 through 4.5.11 and 4.4.18, where an error in the attributionDomains JSON-LD handling allows an attacker to arbitrarily modify the attributionDomains value on a legitimately signed Update and bypass signature verification. This can under...

5.3CVSS5.9AI score0.00129EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 7:43 p.m.15 views

CVE-2026-48028

Mastodon (open-source social network server) versions prior to 4.5.10, 4.4.17, and 4.3.23 are affected. The vulnerability arises from how incoming activities signed with Linked-Data Signatures are normalized, failing to adequately protect against a class of spoofing that lets an attacker remove J...

6.5CVSS5.9AI score0.00124EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 7:43 p.m.3 views

CVE-2026-48028 Mastodon: Removal of integrity-protected JSON entries from signed activities

Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incoming activities signed with Linked-Data Signatures does not sufficiently protect the activities from a certain class of spoofing, allowing threat actors...

6.5CVSS6AI score0.00124EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.33 views

PT-2026-52078

Name of the Vulnerable Software and Affected Versions Mastodon versions prior to 4.5.10 Mastodon versions prior to 4.4.17 Mastodon versions prior to 4.3.23 Description Mastodon is a free, open-source social network server based on ActivityPub. The normalization of incoming activities signed with...

5.3CVSS5.9AI score0.00162EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.14 views

PT-2026-52080

Name of the Vulnerable Software and Affected Versions Mastodon versions prior to 4.5.10 Mastodon versions prior to 4.4.17 Mastodon versions prior to 4.3.23 Description Mastodon is a free, open-source social network server based on ActivityPub. The normalization of incoming activities signed with...

6.5CVSS6AI score0.00124EPSS
Exploits0References5
Rows per page
Query Builder