CVE-2026-27477 | Mastodon up to 4.4.13/4.5.6 FASP Feature EXPERIMENTAL_FEATURES server-side request forgery

A vulnerability labeled as critical has been found in Mastodon up to 4.4.13/4.5.6. Affected by this vulnerability is an unknown functionality of the component FASP Feature. Executing a manipulation of the argument EXPERIMENTAL_FEATURES can lead to server-side request forgery.

The identification of this vulnerability is CVE-2026-27477. The attack may be launched remotely. There is no exploit available.

The affected component should be upgraded.VulDB Recent EntriesRead More