CyberRota
← Ana sayfaya dön

CVE-2026-46349

MEDIUM · CVSS 5.3 EPSS %0.16 Public Exploit

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-06-24T20:16:32.233 · Çekilme zamanı: 2026-06-30T18:32:41.231721+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

Public Exploit Sinyali

Bu CVE için açıklama veya referanslarda public exploit / PoC / GitHub / Metasploit sinyali tespit edildi.

GitHub PoC Linkleri
github.com

Not: Bu bağlantılar yalnızca güvenlik araştırması ve doğrulama amacıyla listelenmiştir.

CVE
CVE-2026-46349
Severity
MEDIUM
CVSS
5.3
EPSS
%0.16

Orijinal NVD Açıklaması

Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.10, 4.4.17, and 4.3.23, Mastodon's normalization of incoming activities signed with Linked-Data Signatures does not sufficiently protect the activities from a certain class of spoofing, allowing attackers to re-arrange a valid signed JSON-LD activity from a third-party actor to have it processed differently. This vulnerability is fixed in 4.5.10, 4.4.17, and 4.3.23.