CVE-2026-41259
Awaiting Analysis
Publication date: 2026-04-23
Last updated on: 2026-04-28
Assigner: GitHub, Inc.
Description
Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows restricting new user sign-up based on e-mail domain names and performs basic validation on e-mail addresses. Prior to v4.5.9, v4.4.16, and v4.3.22, it fails to restrict characters that are interpreted differently by some mail servers. This vulnerability is fixed in v4.5.9, v4.4.16, and v4.3.22.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| joinmastodon | mastodon | Up to 4.3.22 (exc) |
| joinmastodon | mastodon | From 4.4.0 (inc) to 4.4.16 (exc) |
| joinmastodon | mastodon | From 4.5.0 (inc) to 4.5.9 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-841 | The product supports a session in which more than one behavior must be performed by an actor, but it does not properly ensure that the actor performs the behaviors in the required sequence. |