CVE-2026-47777: Mastodon has a consent-check bypass in its remote Collections
Mastodon is a free, open-source social network server based on ActivityPub. In affected versions, a missing condition in the check that verifies whether a remote account consented to be featured in a remote Collection lets an attacker bypass the check and fake consent. An attacker can forge the FeatureAuthorization object that is used to verify consent to be featured in a Collection, making it appear that an account is allowed to be in the Collection when it is not. The FeatureAuthorization must reside on the same domain as the object it is for, but the check does not verify that this object is actually the same object as the one in the Collection item, which is what allows the forgery. Mastodon servers are affected only if they run the main branch or nightly builds and have opted into testing the experimental "Collections" feature by setting the environment variable EXPERIMENTAL_FEATURES to a value that includes collections. This has been patched in version 4.6.0-beta.1.
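To make the missing condition concrete, the following is an added Ruby model of the two checks as the advisory describes them; it is illustrative code written for this page, not Mastodon's own implementation. The object shapes (a FeatureAuthorization with id, object and target fields, a Collection item with object and authorization fields), the fetch_object lookup table and the function names are assumptions, and all sample objects are constructed. The forged authorization is hosted on the attacker's domain and names the attacker's own account, so the "same domain as its object" rule holds; only the comparison against the featured account in the item catches it.

```ruby
require 'uri'

# All objects below are constructed samples in a hypothetical shape; Mastodon's
# real Collections schema may differ. Only the check logic mirrors the advisory.
ALICE      = 'https://remote.example/users/alice'.freeze
MALLORY    = 'https://evil.example/users/mallory'.freeze
COLLECTION = 'https://hub.example/collections/1'.freeze

# Legitimate consent: hosted on alice's own domain and naming alice.
VALID_AUTH = {
  'id'     => 'https://remote.example/feature_authorizations/1',
  'type'   => 'FeatureAuthorization',
  'object' => ALICE,
  'target' => COLLECTION,
}.freeze

# Forgery: hosted on the attacker's domain and naming the attacker's own account,
# so "authorization lives on the same domain as its object" still holds.
FORGED_AUTH = {
  'id'     => 'https://evil.example/feature_authorizations/1',
  'type'   => 'FeatureAuthorization',
  'object' => MALLORY,
  'target' => COLLECTION,
}.freeze

# Collection items as an attacker-controlled server presents them: the second one
# claims alice is featured but points at the attacker's own authorization.
ITEM_ALICE_VALID  = { 'object' => ALICE, 'authorization' => VALID_AUTH['id'] }.freeze
ITEM_ALICE_FORGED = { 'object' => ALICE, 'authorization' => FORGED_AUTH['id'] }.freeze

# Offline stand-in for dereferencing a remote ActivityPub object by its id.
KNOWN_OBJECTS = {
  VALID_AUTH['id']  => VALID_AUTH,
  FORGED_AUTH['id'] => FORGED_AUTH,
}.freeze

def fetch_object(id)
  KNOWN_OBJECTS[id]
end

def same_host?(uri_a, uri_b)
  host_a = URI.parse(uri_a).host
  host_b = URI.parse(uri_b).host
  !host_a.nil? && !host_b.nil? && host_a.casecmp?(host_b)
end

# Vulnerable check, as the advisory describes it: the authorization must be hosted
# on the same domain as the object it names, but nothing ties that object to the
# account the collection item actually features.
def consent_ok_vulnerable?(item)
  auth = fetch_object(item['authorization'])
  return false unless auth && auth['type'] == 'FeatureAuthorization'

  same_host?(auth['id'], auth['object'])
end

# Fixed check: keep the same-domain rule and additionally require that the
# authorization's object is exactly the featured account. The target comparison
# is an extra hardening assumption, not something the advisory states.
def consent_ok_fixed?(item, collection_id)
  auth = fetch_object(item['authorization'])
  return false unless auth && auth['type'] == 'FeatureAuthorization'
  return false unless same_host?(auth['id'], auth['object'])
  return false unless auth['object'] == item['object']

  auth['target'] == collection_id
end

if __FILE__ == $PROGRAM_NAME
  puts "vulnerable, forged item: #{consent_ok_vulnerable?(ITEM_ALICE_FORGED)}" # true: bypass
  puts "fixed, forged item:      #{consent_ok_fixed?(ITEM_ALICE_FORGED, COLLECTION)}" # false
end
```

Run it with `ruby consent_check.rb` (any filename works). The vulnerable function accepts both items because it only ever compares the authorization to itself; the fixed function rejects the forged item at the object comparison, and the same-domain rule alone would still be needed to stop an attacker from simply hosting an authorization that names alice on a domain alice does not control.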
Metrics
- CVSS v3.1: 7.5
- Severity: HIGH
- Fixed in: 4.6.0-beta.1 (pre-release; no stable release containing the fix yet)
- Affected Products: 1
HarborGuard Analysis
Synopsis
This is a consent-check bypass vulnerability in Mastodon's experimental remote Collections feature. The flaw is reachable over standard ActivityPub federation endpoints without any credentials on the target server, allowing a remote attacker to forge a FeatureAuthorization object and make it appear that an account has consented to appear in a remote Collection when it has not. Successful exploitation lets an attacker tamper with Collection membership data, misrepresenting account consent across federated Mastodon servers. The fix has so far shipped only in the 4.6.0-beta.1 pre-release; HarborGuard is tracking the advisory and will make a patched-image rebuild available the moment a stable upstream release containing the fix is published.
HarborGuard Coverage
- Detection: Available. The CVE is ingested from upstream advisory feeds within minutes of publication and matched against all customer images, including custom-built Mastodon images derived from nightly or main-branch sources. Any image found running an affected build of Mastodon is flagged immediately in the customer's scan results.
- Scoring and triage: Available. HarborGuard scores this issue at CVSS 7.5 HIGH using the published v3.1 vector, and per-environment compliance policy weighting can escalate or suppress the alert priority based on how the customer's policy treats integrity-impact findings. Triage routing is available to direct the finding to the appropriate team inbox within each customer organization.
- Remediation: Pending upstream. Because the fix has so far shipped only in the 4.6.0-beta.1 pre-release, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available automatically the moment Mastodon ships a stable release addressing this bypass. For customers with auto-remediation enabled, the rebuild, regression test run, and PR against affected workloads will be initiated without manual intervention as soon as that upstream release is available.
Exploit Conditions
- Network reachability: Required
The attacker must reach the Mastodon server over the network; the vulnerability is exposed via standard ActivityPub federation endpoints.
- Authentication: Not required
No account or credential on the target server is required; the forged FeatureAuthorization can be submitted by any remote federating party.
- Victim interaction: Not required
No action by a user or administrator on the target server is needed to trigger the consent-check bypass.
- Attack complexity: Low
No race conditions or special environmental factors are required, making the forgery reliable and repeatable.
Blast Radius
- An attacker inserts arbitrary accounts into remote Collections without those accounts ever consenting, falsifying membership records across federated servers.
- The forged FeatureAuthorization persists in the target server's data, meaning the tampered consent state remains until explicitly corrected by a server administrator.
- Federated peers that trust the Collection data may surface accounts as featured or endorsed by a server community when no such endorsement was given.
How HarborGuard Handles This
Because the upstream fix for CVE-2026-47777 has so far shipped only in the 4.6.0-beta.1 pre-release, HarborGuard continuously monitors the Mastodon advisory across every ingest cycle and will surface a patched-image rebuild the moment a stable release containing the fix is published. For customers who opt into auto-remediation, the full flow (rebuild, regression test, PR against affected workloads) will trigger automatically without requiring manual intervention. In the interim, compensating controls available to customer teams include disabling the experimental Collections feature by removing collections from the EXPERIMENTAL_FEATURES environment variable (or unsetting the variable entirely) and restarting the affected services, applying network policy to restrict inbound ActivityPub federation traffic to known trusted peers, and isolating affected Mastodon instances from broader public federation until a fix is available. Where compliance policy permits, HarborGuard can flag any image with the experimental feature flag set as non-compliant, providing an additional gate in the deployment pipeline.
Affected Products
- mastodon/mastodon: >= nightly.2026-03-10, < 4.6.0-beta.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N