3 matches found
CVE-2026-46348
Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, the list of disallowed IP address ranges was lacking an IP address range that can be used to reach local IP addresses. An attacker can use an IP address in the affected range to make...
CVE-2026-46348
CVE-2026-46348 affects Mastodon servers prior to 4.5.10, 4.4.17, and 4.3.23. The issue stems from the disallowed IP range list lacking an IPv6 unspecified address (::), allowing an attacker to induce HTTP requests to loopback interfaces and potentially access private resources and services. Impac...
CVE-2026-22245
CVE-2026-22245 — Mastodon SSRF protection bypass . The issue affects Mastodon releases prior to 4.5.4, 4.4.11, 4.3.17 and 4.2.29, where the local/loopback access protection for outbound HTTP requests relied on a incomplete disallowed IP ranges list. An attacker could use certain IPs to trigger re...