CVE-2026-41259

Vulnerability Description

Mastodon is a free, open-source social network server based on ActivityPub. Prior to v4.5.9, v4.4.16, and v4.3.22, Mastodon allows restricting new user sign-up based on e-mail domain names, and performs basic validation on e-mail addresses, but fails to restrict characters that are interpreted differently by some mailing servers. This vulnerability is fixed in v4.5.9, v4.4.16, and v4.3.22.

Vulnerability Details

Published Date

April 23, 2026

Last Modified

April 23, 2026

CWE ID

CWE-841

Source

NVD

Vendor

mastodon

Product

mastodon

External References

https://github.com/mastodon/mastodon/security/advisories/GHSA-5r37-qpwq-2jhh

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment