{"@context":"https://openvex.dev/ns/v0.2.0","@id":"https://database.harborguard.co/cve/CVE-2026-47777/vex.json","author":"HarborGuard Database","role":"Document Creator","timestamp":"2026-06-15T18:51:29.498Z","version":1,"tooling":"HarborGuard Database (https://database.harborguard.co)","statements":[{"vulnerability":{"name":"CVE-2026-47777","@id":"https://www.cve.org/CVERecord?id=CVE-2026-47777","description":"Mastodon is a free, open-source social network server based on ActivityPub. In versions there is a missing condition in the check if remote accounts consented to be featured in a remote Collection could lead to attackers bypassing the check and faking consent. An attacker could forge the FeatureAuthorization object that is used to verify consent to be featured in a Collection and thus make it appear as if an account is allowed to be in a Collection when it actually is not. While the FeatureAutho"},"products":[{"@id":"cpe:2.3:a:mastodon:mastodon:\\>\\=_nightly.2026-03-10\\,_\\<_4.6.0-beta.1:*:*:*:*:*:*:*","identifiers":{"cpe23":"cpe:2.3:a:mastodon:mastodon:\\>\\=_nightly.2026-03-10\\,_\\<_4.6.0-beta.1:*:*:*:*:*:*:*"}}],"status":"affected","action_statement":"No fixed version is published yet; monitor the upstream advisory.","timestamp":"2026-06-15T18:51:29.498Z"}]}