cvedb.io
CVE-2026-41259
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2026-04-23T19:17:30.027 · Last modified 2026-06-17T10:46:24.043

Summary

Mastodon is a free, open-source social network server based on ActivityPub. Prior to v4.5.9, v4.4.16, and v4.3.22, Mastodon allows restricting new user sign-up based on e-mail domain names, and performs basic validation on e-mail addresses, but fails to restrict characters that are interpreted differently by some mailing servers. This vulnerability is fixed in v4.5.9, v4.4.16, and v4.3.22.

Affected products

joinmastodon — mastodon

Does this affect you?

Add your gear to cvedb and we'll alert you only when joinmastodon ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.