CVE-2026-33868 | Mastodon up to 4.3.20/4.4.14/4.5.7 URL /web/ redirect (GHSA-xqw8-4j56-5hj6)

A vulnerability was found in Mastodon up to 4.3.20/4.4.14/4.5.7 and classified as problematic. This impacts an unknown function of the file /web/ of the component URL Handler. Executing a manipulation can lead to open redirect.

This vulnerability is tracked as CVE-2026-33868. The attack can be launched remotely. No exploit exists.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More