ByteOS Network

NVD Vulnerability Details :

CVE-2026-33869

Analyzed

Source-security-advisories@github.com

Published At-27 Mar, 2026 | 20:16

Updated At-30 Mar, 2026 | 19:12

Mastodon is a free, open-source social network server based on ActivityPub. In versions on the 4.5.x branch prior to 4.5.8 and on the 4.4.x branch prior to 4.4.15, an attacker that knows of a quote before it has reached a server can prevent it from being correctly processed on that server. The vulnerability has been patched in Mastodon 4.5.8 and 4.4.15. Mastodon 4.3 and earlier are not affected because they do not support quotes.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	4.8	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

Type: Secondary

Version: 3.1

Base score: 4.8

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

CPE Matches

joinmastodon>>mastodon>>Versions from 4.4.0(inclusive) to 4.4.15(exclusive)

cpe:2.3:a:joinmastodon:mastodon:*:*:*:*:*:*:*:*

joinmastodon>>mastodon>>Versions from 4.5.0(inclusive) to 4.5.8(exclusive)

cpe:2.3:a:joinmastodon:mastodon:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-863	Primary	security-advisories@github.com

CWE ID: CWE-863

Type: Primary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/mastodon/mastodon/security/advisories/GHSA-q4g8-82c5-9h33	security-advisories@github.com	Vendor Advisory

Hyperlink: https://github.com/mastodon/mastodon/security/advisories/GHSA-q4g8-82c5-9h33

Source: security-advisories@github.com

Resource:

Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History