Main Vulnerability Database Vulnerabilities #VU126977

Input validation error in Mastodon - #VU126977

Published: January 16, 2025 / Updated: April 23, 2026

Vulnerability identifier: #VU126977

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: N/A

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Mastodon

Affected software:
Mastodon

Detailed vulnerability description

The vulnerability allows a remote attacker to cause a partial denial of service.

The vulnerability exists due to improper input validation in remote actor validation and error handling when processing remote actors. A remote attacker can send invalid actor data to cause a partial denial of service.

Exploitation can prevent the server from correctly processing deletions of local accounts, deletion of targeted local posts, and delivery of activities from targeted local accounts to remote servers.

Remediation

Install security update from vendor's website.

Sources

https://github.com/mastodon/mastodon/security/advisories/GHSA-5wxh-3p65-r4g6

Input validation error in Mastodon - #VU126977

Detailed vulnerability description

Remediation

Sources

Please verify you're human