3 matches found
BIT-MASTODON-2026-46348 Mastodon: SSRF Bypass via IPv6 Unspecified Address (::)
Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, the list of disallowed IP address ranges was lacking an IP address range that can be used to reach local IP addresses. An attacker can use an IP address in the affected range to make...
CVE-2026-46348
CVE-2026-46348 affects Mastodon servers prior to 4.5.10, 4.4.17, and 4.3.23. The issue stems from the disallowed IP range list lacking an IPv6 unspecified address (::), allowing an attacker to induce HTTP requests to loopback interfaces and potentially access private resources and services. Impac...
ANT-2026-6DSMTXZ8 · mastodon · SSRF
ssrf high GHSA-crr4-7rm4-8gpw Severity Claude high · Security research firm high · Maintainer unknown Discovered by Claude Mythos Preview REPORT Anthropic's analysis, sealed at approval. Disclosure to the maintainer was performed by Doyensec. ANT-2026-6DSMTXZ8: SSRF Bypass via IPv6 Unspecified...