CVE-2026-33869
Mastodon has a denial of service for quote authorization
CVSS Score
4.8
EPSS Score
0.0%
EPSS Percentile
0th
Mastodon is a free, open-source social network server based on ActivityPub. In versions on the 4.5.x branch prior to 4.5.8 and on the 4.4.x branch prior to 4.4.15, an attacker that knows of a quote before it has reached a server can prevent it from being correctly processed on that server. The vulnerability has been patched in Mastodon 4.5.8 and 4.4.15. Mastodon 4.3 and earlier are not affected because they do not support quotes.
| CWE | CWE-863 |
| Vendor | mastodon |
| Product | mastodon |
| Published | Mar 27, 2026 |
| Last Updated | Mar 27, 2026 |
Stay Ahead of the Next One
Get instant alerts for mastodon mastodon
Be the first to know when new medium vulnerabilities affecting mastodon mastodon are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
Low
Affected Versions
mastodon / mastodon
>= 4.5.0, < 4.5.8 >= 4.4.0, < 4.4.15