Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Remote unauthenticated ActivityPub forgery requires no privileges or interaction, but impact is limited to misrepresenting featured-collection consent state, so I:L rather than I:H.
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
3DescriptionCVE.org
Mastodon is a free, open-source social network server based on ActivityPub. In versions there is a missing condition in the check if remote accounts consented to be featured in a remote Collection could lead to attackers bypassing the check and faking consent. An attacker could forge the FeatureAuthorization object that is used to verify consent to be featured in a Collection and thus make it appear as if an account is allowed to be in a Collection when it actually is not. While the FeatureAuthorization must reside on the same domain as the object it is for, a check is missing to make sure said object is actually the same as in the Collection item. This allows an attacker to forge the authorization. Mastodon servers are affected only if running the main branch or nightly builds who have opted into testing the experimental "Collections" feature by setting the environment variable EXPERIMENTAL_FEATURES to a value including collections. This has been patched in version 4.6.0-beta.1.
AnalysisAI
Authorization bypass in Mastodon's experimental Collections feature allows remote attackers to forge FeatureAuthorization objects and falsely list non-consenting accounts in remote Collections. The flaw stems from a missing cross-reference between the featured object's actor URI and the authorization's interactionTarget, letting an attacker assert consent on behalf of another account on the same domain. Patched in 4.6.0-beta.1; no public exploit identified at time of analysis and the issue only manifests when the EXPERIMENTAL_FEATURES env var explicitly enables 'collections'.
Technical ContextAI
Mastodon is a Ruby on Rails ActivityPub-based federated social server. The vulnerable code paths are in app/services/activitypub/process_featured_item_service.rb and verify_featured_item_service.rb, which handle inbound ActivityPub objects describing items featured in a remote actor's Collection. A FeatureAuthorization object is supposed to prove that the referenced account consented to being listed, and the existing check enforced that the authorization and its interactionTarget shared a hostname. However, no check verified that the interactionTarget actor URI matched the featuredObject actor URI of the Collection item itself - so any FeatureAuthorization on the correct domain, even one issued for a different account, would satisfy verification. This is a classic CWE-345 (Insufficient Verification of Data Authenticity) failure in federated trust validation; the patch introduces non_matching_actor_and_approval_uris? and matching_actors? helpers that cross-check the actor URIs.
RemediationAI
Vendor-released patch: 4.6.0-beta.1 - upgrade main-branch or nightly deployments to this version or newer per https://github.com/mastodon/mastodon/security/advisories/GHSA-vg36-gxjg-2v46, which incorporates the upstream fix commit 22203f8aeb03e8f14dc62e253e83db39825a5bcf. If immediate upgrade is not possible, the most direct compensating control is to disable the experimental feature by removing 'collections' from the EXPERIMENTAL_FEATURES environment variable and restarting the Mastodon services; the only side effect is loss of access to the still-experimental Collections functionality, which is not yet a stable feature. Operators running tagged stable releases without EXPERIMENTAL_FEATURES=collections require no action.
Mastodon through 4.0.2 allows attackers to cause a denial of service (large Sidekiq pull queue) by creating bot accounts
Mastodon is a free, open-source social network server based on ActivityPub. Rated high severity (CVSS 7.4), this vulnera
Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for aut
Mastodon is a free, open-source social network server based on ActivityPub. Rated critical severity (CVSS 9.9), this vul
Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for aut
Improper Restriction of Excessive Authentication Attempts in GitHub repository mastodon/mastodon prior to 4.0.0. Rated c
Server-Side Request Forgery in Mastodon before 4.5.10, 4.4.17, and 4.3.23 lets attackers coerce the server into issuing
Server-side request forgery in Mastodon (versions before 4.5.10, 4.4.17, and 4.3.23) lets an attacker who controls autho
Unauthenticated attackers can bypass FASP administrator approval in Mastodon 4.4.0-4.4.13 and 4.5.0-4.5.6 to subscribe t
Mastodon is a free, open-source social network server based on ActivityPub. Prior to v4.5.9, v4.4.16, and v4.3.22, Masto
Mastodon is a self-hosted, federated microblogging platform. Rated high severity (CVSS 8.2), this vulnerability is remot
Mastodon is a free, open-source social network server based on ActivityPub. Rated high severity (CVSS 7.7), this vulnera
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-36742