Back to search
CVE-2026-41259
Published: Apr 23, 2026
Modified: Apr 23, 2026
PUBLISHED
Description
Mastodon is a free, open-source social network server based on ActivityPub. Prior to v4.5.9, v4.4.16, and v4.3.22, Mastodon allows restricting new user sign-up based on e-mail domain names, and performs basic validation on e-mail addresses, but fails to restrict characters that are interpreted differently by some mailing servers. This vulnerability is fixed in v4.5.9, v4.4.16, and v4.3.22.
| Vendor | Product | Versions |
|---|---|---|
mastodon | mastodon | affected < 4.3.22affected >= 4.4.0-beta.1, < 4.4.16affected >= 4.5.0-beta.1, < 4.5.9 |
Weaknesses (CWE)
References
https://github.com/mastodon/mastodon/security/advisories/GHSA-5r37-qpwq-2jhh
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now