Exposure of Mastodon
Message boards
25 exposure score
202 sites use
0 exploited
3 critical
CVEs
34 results

CVE-2026-23963 | MEDIUM | Mastodon missing length limits on list names, filter names, and filter keywords | EPSS 0.3%
CVE-2026-27477 | MEDIUM | Mastodon has SSRF via unvalidated FASP Provider base_url | EPSS 0.3%
CVE-2025-62605 | MEDIUM | Mastodon quotes control can be bypassed | EPSS 0.3%
CVE-2025-62176 | MEDIUM | Mastodon streaming server allows OAuth clients without the `read` scope to subscribe to public channels | EPSS 0.3%
CVE-2026-22245 | HIGH | Mastodon has SSRF Protection bypass | EPSS 0.2%
CVE-2026-27468 | MEDIUM | Mastodon may allow unconfirmed FASP to make subscriptions | EPSS 0.2%
CVE-2026-22246 | MEDIUM | Local Mastodon users can enumerate and access severed relationships of every other local user | EPSS 0.2%
CVE-2026-41259 | HIGH | Mastodon: Insufficient verification of email addresses | EPSS 0.2%
CVE-2025-62175 | MEDIUM | Mastodon streaming API fails to disconnect disabled and suspended users | EPSS 0.2%
CVE-2026-23964 | MEDIUM | Mastodon has insufficient access control to push notification settings | EPSS 0.2%
CVE-2025-62174 | LOW | Mastodon allows continued access after password reset via CLI | EPSS 0.2%
CVE-2025-67500 | LOW | Mastodon Error Handling Discrepancy Enables Private Status Existence Enumeration | EPSS 0.2%
CVE-2026-47777 | HIGH | Mastodon has a consent-check bypass in its remote Collections | EPSS 0.2%
CVE-2026-33869 | MEDIUM | Mastodon has a denial of service for quote authorization | EPSS 0.2%