CNNVD-202601-3911 Information

CNNVD ID

CNNVD-202601-3911

Related CVE

CVE-2026-23961

• CNNVD Published: 2026-01-22

Description (Chinese)

Mastodon是Mastodon开源的一款基于ActivityPub的开源社交网络服务器。 Mastodon存在安全漏洞，该漏洞源于逻辑错误允许被暂停用户的旧帖子出现在时间线上，在特定版本中可能部分绕过暂停。

Description (English)

Mastodon is an open-source social network server based on ActivityPub. There is a security loophole in Mastodon, which stems from a logical error to allow the user’s old post to appear on the time line, which may be partially bypassed in a given version.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Mastodon

Published

2026-01-22

Last Modified

2026-02-24

References

https://github.com/mastodon/mastodon/releases/tag/v4.3.18 https://github.com/mastodon/mastodon/releases/tag/v4.4.12 https://github.com/mastodon/mastodon/releases/tag/v4.5.5 https://github.com/mastodon/mastodon/security/advisories/GHSA-5h2f-wg8j-xqwp

Patch

https://joinmastodon.org/zh