CNNVD-202601-3908 Information

CNNVD ID

CNNVD-202601-3908

Related CVE

CVE-2026-23963

• CNNVD Published: 2026-01-22

Description (Chinese)

Mastodon是Mastodon开源的一款基于ActivityPub的开源社交网络服务器。 Mastodon v4.5.5之前版本、v4.4.12之前版本和v4.3.18之前版本存在安全漏洞，该漏洞源于未强制实施列表、过滤器名称或过滤器关键词的最大长度，可能导致资源滥用。

Description (English)

Mastodon is an open-source social network server based on ActivityPub. There is a security loophole in the pre-Mastodon v4.5.5, pre-V4.4.12 and pre-V4.3.18, which stems from the maximum length of the unenforceable list, filter name or filter keyword, which may lead to misuse of resources.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Mastodon

Published

2026-01-22

Last Modified

2026-02-24

References

https://github.com/mastodon/mastodon/releases/tag/v4.3.18 https://github.com/mastodon/mastodon/releases/tag/v4.4.12 https://github.com/mastodon/mastodon/releases/tag/v4.5.5 https://github.com/mastodon/mastodon/security/advisories/GHSA-6x3w-9g92-gvf3

Patch

https://joinmastodon.org/zh