Browse all 6 CVE security advisories affecting LemmyNet. AI-powered Chinese analysis, POCs, and references for each vulnerability.
LemmyNet is a decentralized federated social network platform enabling community-driven discussions across interconnected servers. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, with four CVEs documented to date. The platform's federated architecture introduces unique security considerations, though no major public incidents have been widely reported. Security researchers have identified issues related to improper input validation and insufficient access controls, particularly in API endpoints and user authentication mechanisms. The open-source nature allows for community-driven security improvements, though the complexity of federation increases potential attack surfaces across interconnected instances.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-42180 | Lemmy: SSRF in /api/v3/post via Webmention dispatch — lemmy, CWE-918 | 6.3 | Medium | 2026-05-08 |
| CVE-2026-42181 | Lemmy: SSRF and internal image disclosure in post link metadata via unvalidated og:image — lemmy, CWE-918 | 6.5 | Medium | 2026-05-08 |
| CVE-2026-33693 | Lemmy's Activitypub-Federation has SSRF via 0.0.0.0 bypass in activitypub-federation-rust v4_is_invalid() — lemmy, CWE-918 | 6.5 | Medium | 2026-03-27 |
| CVE-2026-29178 | Lemmy: Unauthenticated SSRF via file_type query parameter injection in image endpoint — lemmy, CWE-918 | 7.5 | - | 2026-03-06 |
| CVE-2025-25194 | Server-Side Request Forgery (SSRF) in activitypub_federation — lemmy, CWE-918 | 4.0 | Medium | 2025-02-10 |
| CVE-2024-23649 | Any authenticated user may obtain private message details from other users on the same instance — lemmy, CWE-285 | 7.5 | High | 2024-01-24 |
This page lists every published CVE security advisory associated with LemmyNet. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.