CVE-2026-33869 — MEDIUM (4.8)

Q: How severe is CVE-2026-33869?

CVE-2026-33869 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-33869?

Check the references section above for vendor advisories and patch information. Affected products include: Joinmastodon Mastodon.

Vulnerability Description

Mastodon is a free, open-source social network server based on ActivityPub. In versions on the 4.5.x branch prior to 4.5.8 and on the 4.4.x branch prior to 4.4.15, an attacker that knows of a quote before it has reached a server can prevent it from being correctly processed on that server. The vulnerability has been patched in Mastodon 4.5.8 and 4.4.15. Mastodon 4.3 and earlier are not affected because they do not support quotes.

CVSS Score

4.8

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Joinmastodon	Mastodon	>= 4.4.0, < 4.4.15

Related Weaknesses (CWE)

CWE-863

References

https://github.com/mastodon/mastodon/security/advisories/GHSA-q4g8-82c5-9h33Vendor Advisory

FAQ

What is CVE-2026-33869?

CVE-2026-33869 is a vulnerability with a CVSS score of 4.8 (MEDIUM). Mastodon is a free, open-source social network server based on ActivityPub. In versions on the 4.5.x branch prior to 4.5.8 and on the 4.4.x branch prior to 4.4.15, an attacker that knows of a quote be...

How severe is CVE-2026-33869?

CVE-2026-33869 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-33869?

Check the references section above for vendor advisories and patch information. Affected products include: Joinmastodon Mastodon.