CNNVD-202601-1446 Information
CNNVD ID
CNNVD-202601-1446
Related CVE
-
CNNVD Published
2026-01-08
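Description (translated from Chinese)
Mastodon is an open-source social network server based on ActivityPub, open-sourced by Mastodon. Mastodon versions before 4.3.17, before 4.4.11 and before 4.5.4 contain a security vulnerability that stems from a missing relationship list ownership check and may lead to information disclosure.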
Description (English)
Mastodon is an open-source social network server based on ActivityPub. Mastodon versions prior to 4.3.17, 4.4.11 and 4.5.4 contain a security vulnerability that stems from a missing relationship list ownership check and could lead to information disclosure.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Mastodon
Published
2026-01-08
Last Modified
2026-02-24
References
https://github.com/mastodon/mastodon/security/advisories/GHSA-ww85-x9cp-5v24
https://github.com/mastodon/mastodon/commit/b2bcd34486fd6681cc0f30028086ef0f47282adf
https://github.com/mastodon/mastodon/commit/68e30985ca7afdb89af1b2e9dc962e1993dc8076
https://github.com/mastodon/mastodon/commit/c1fb6893c5175d74c074f6f786d504c8bc610d57
https://access.redhat.com/security/cve/cve-2026-22246
Patch
https://github.com/mastodon/mastodon/releases