CVE-2026-41259— Mastodon: Insufficient verification of email addresses
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-41259
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Mastodon: Insufficient verification of email addresses
Source: NVD (National Vulnerability Database)
Vulnerability Description
Mastodon is a free, open-source social network server based on ActivityPub. Prior to v4.5.9, v4.4.16, and v4.3.22, Mastodon allows restricting new user sign-up based on e-mail domain names, and performs basic validation on e-mail addresses, but fails to restrict characters that are interpreted differently by some mailing servers. This vulnerability is fixed in v4.5.9, v4.4.16, and v4.3.22.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
行为工作流的不恰当实施
Source: NVD (National Vulnerability Database)
Vulnerability Title
Mastodon 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Mastodon是Mastodon开源的一款基于ActivityPub的开源社交网络服务器。 Mastodon v4.5.9之前版本、v4.4.16之前版本和v4.3.22之前版本存在安全漏洞,该漏洞源于未能限制某些邮件服务器解释不同的字符。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-41259
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-41259
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same product: mastodon
- CVE-2026-33869
Mastodon has a denial of service for quote authorization - CVE-2026-33868
Mastodon has a GET-Based Open Redirect via '/web/%2F<domain> - CVE-2026-27477
Mastodon has SSRF via unvalidated FASP Provider base_url - CVE-2026-27468
Mastodon may allow unconfirmed FASP to make subscriptions - CVE-2026-25540
Mastodon's signature-dependent ActivityPub collection respon
Same vendor: mastodon
- CVE-2026-33869
Mastodon has a denial of service for quote authorization - CVE-2026-33868
Mastodon has a GET-Based Open Redirect via '/web/%2F<domain> - CVE-2026-27477
Mastodon has SSRF via unvalidated FASP Provider base_url - CVE-2026-27468
Mastodon may allow unconfirmed FASP to make subscriptions - CVE-2026-25540
Mastodon's signature-dependent ActivityPub collection respon
Same weakness: CWE-841
- CVE-2026-34582
Botan has a TLS 1.3 certificate authentication bypass - CVE-2025-13459
IBM Aspera Console Denial of Service - CVE-2026-3130
Devolutions Server 安全漏洞 - CVE-2025-52469
Chamilo: Friend Request Workflow Bypass - Unauthorized Frien - CVE-2026-24774
Open eClass Business Logic Flaw Allows Students to Mark Atte
V. Comments for CVE-2026-41259
No comments yet