CVE-2026-47777 Overview
CVE-2026-47777 is a high-severity data-authenticity verification flaw (CWE-345: Insufficient Verification of Data Authenticity) in Mastodon, the open-source ActivityPub social network server. The vulnerability resides in the experimental Collections feature and stems from a missing verification step when validating a remote account's consent to be featured in a remote Collection. An attacker can forge a FeatureAuthorization object so that a remote account appears to have consented to inclusion in a Collection when it has not. Only servers running the main branch or nightly builds with EXPERIMENTAL_FEATURES=collections are affected. The issue is patched in version 4.6.0-beta.1.
Critical Impact
Attackers can forge consent records and impersonate remote account approvals, undermining integrity of federated Collection membership across affected Mastodon instances.
Affected Products
- Mastodon main branch builds with EXPERIMENTAL_FEATURES including collections
- Mastodon nightly builds with the experimental Collections feature enabled
- Fixed in Mastodon 4.6.0-beta.1
Discovery Timeline
- 2026-06-15 - CVE-2026-47777 published to NVD
- 2026-06-17 - Last updated in NVD database
Technical Details for CVE-2026-47777
Vulnerability Analysis
The Mastodon Collections feature uses a FeatureAuthorization ActivityPub object to record that a remote account has consented to appear in a remote Collection. The verification logic enforced that the FeatureAuthorization resides on the same domain as the object it references. However, the code did not verify that the referenced object actually matches the account being added to the Collection item. This gap allows an attacker controlling a domain to mint a FeatureAuthorization for one of their own accounts and reuse it to authorize inclusion of a different, non-consenting account from the same domain. The result is a federation-layer integrity failure where Collection membership no longer reflects actual user consent.
Root Cause
The root cause is insufficient verification of data authenticity [CWE-345] in app/services/activitypub/process_featured_item_service.rb and app/services/activitypub/verify_featured_item_service.rb. The services parsed the authorization document and confirmed host alignment but failed to cross-check that the interactionTarget actor matched the featuredObject actor declared in the collection item. Without that linkage, the authorization could be relinked to an unrelated account.
Attack Vector
The attack is network-based and requires neither authentication nor user interaction. An attacker operating a federated ActivityPub server crafts a Collection item whose featuredObject points to a victim account on the attacker's domain, while supplying a featureAuthorization URI that was legitimately issued for a different account on that same domain. The receiving Mastodon server accepts the forged consent and includes the victim in the Collection.
# Patch: app/services/activitypub/process_featured_item_service.rb
@collection = collection
@request_id = request_id
@item_json = uri_or_object.is_a?(String) ? fetch_resource(uri_or_object, true) : uri_or_object
# New: the actor being featured and the authorization it presents are kept as separate URIs
@actor_uri = value_or_id(@item_json['featuredObject'])
@approval_uri = value_or_id(@item_json['featureAuthorization'])
return if non_matching_uri_hosts?(@collection.uri, @item_json['id'])
# New: the authorization must live on the same host as the actor it vouches for
return if non_matching_actor_and_approval_uris?
with_redis_lock("collection_item:#{@item_json['id']}") do
@collection_item = existing_item || pre_approved_item || new_item
Source: Mastodon commit 22203f8
# Patch: app/services/activitypub/verify_featured_item_service.rb
@collection_uri = value_or_id(@authorization['interactingObject'])
@actor_uri = value_or_id(@authorization['interactionTarget'])
return if non_matching_uri_hosts?(approval_uri, @actor_uri)
# New: matching_actors? ties the authorization's interactionTarget to the featured actor
return unless matching_type? && matching_collection_uri? && matching_actors?
account = Account.where(uri: @collection_item.object_uri).first
account ||= ActivityPub::FetchRemoteAccountService.new.call(@collection_item.object_uri, request_id:)
Source: Mastodon commit 22203f8
The fix introduces a matching_actors? check that ensures the authorization's interactionTarget equals the actor declared in the collection item, closing the forgery path.
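The following Ruby model is an added illustration, not Mastodon's code: it reduces the verification described above to two functions, one with only the host-alignment check that the vulnerable code performed and one with the additional actor cross-check the patch adds. Fetched ActivityPub documents are replaced by an in-memory hash, and every hostname, path and account name is constructed for the example.

```ruby
require 'uri'

# Constructed sample documents keyed by URI, standing in for ActivityPub fetches.
# The collection lives on collector.example; both remote accounts and the
# authorization live on remote.example (a domain the attacker controls in the
# scenario above). All hostnames and paths are made up for this illustration.
COLLECTION_URI = 'https://collector.example/collections/1'

DOCS = {
  # FeatureAuthorization legitimately minted for alice and this collection.
  'https://remote.example/authorizations/alice' => {
    'id' => 'https://remote.example/authorizations/alice',
    'interactingObject' => COLLECTION_URI,
    'interactionTarget' => 'https://remote.example/users/alice'
  }
}.freeze

def fetch_resource(uri)
  DOCS.fetch(uri) # a real server would dereference the URI over HTTPS
end

def matching_hosts?(a, b)
  URI.parse(a).host == URI.parse(b).host
end

# Checks performed both before and after the fix: item and collection share a
# host, the authorization lives on the host of the actor it names, and it was
# issued for this collection.
def common_checks_pass?(item, auth)
  matching_hosts?(COLLECTION_URI, item['id']) &&
    matching_hosts?(item['featureAuthorization'], auth['interactionTarget']) &&
    auth['interactingObject'] == COLLECTION_URI
end

# Pre-fix behaviour: host alignment is enough, so the authorization is never
# tied to the account actually being featured.
def consent_verified_before_fix?(item)
  auth = fetch_resource(item['featureAuthorization'])
  common_checks_pass?(item, auth)
end

# Post-fix behaviour: interactionTarget must equal the featuredObject actor
# (the matching_actors? step), so a borrowed authorization is rejected.
def consent_verified_after_fix?(item)
  auth = fetch_resource(item['featureAuthorization'])
  return false unless common_checks_pass?(item, auth)
  auth['interactionTarget'] == item['featuredObject']
end

# Item genuinely submitted for alice.
LEGIT_ITEM = {
  'id' => 'https://collector.example/items/1',
  'featuredObject' => 'https://remote.example/users/alice',
  'featureAuthorization' => 'https://remote.example/authorizations/alice'
}.freeze

# Forged item: bob never consented, but alice's authorization is reused.
FORGED_ITEM = LEGIT_ITEM.merge(
  'id' => 'https://collector.example/items/2',
  'featuredObject' => 'https://remote.example/users/bob'
).freeze

if $PROGRAM_NAME == __FILE__
  [LEGIT_ITEM, FORGED_ITEM].each do |item|
    puts "#{item['featuredObject']}: before=#{consent_verified_before_fix?(item)} " \
         "after=#{consent_verified_after_fix?(item)}"
  end
end
```

Run as a script, the legitimate item passes both versions while the forged item passes only the pre-fix check; the single equality on interactionTarget is the whole difference, which is why the advisory describes the bug as a missing linkage rather than a broken signature or host check.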
Detection Methods for CVE-2026-47777
Indicators of Compromise
- Inbound ActivityPub payloads referencing featureAuthorization URIs where interactionTarget does not match the featuredObject actor in the same Collection item.
- Unexpected appearances of remote accounts in Collections that the account owner did not approve, especially originating from a small set of domains.
- Sidekiq job logs in ProcessFeaturedItemService showing successful processing of items whose featuredObject actor differs from the actor named by the authorizing FeatureAuthorization, even though both share a host.
Detection Strategies
- Inspect federation logs for repeated Collection item submissions from the same remote host targeting different local or remote actors.
- Audit the collection_items table for rows whose object_uri actor differs from the actor in the associated FeatureAuthorization payload.
- Alert on environments where the EXPERIMENTAL_FEATURES variable contains collections outside of explicitly sanctioned test deployments.
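As an added example of the first indicator and the first two detection strategies above (not a Mastodon tool, and not based on real log output), the Ruby script below scans constructed JSON log records of processed Collection items, lists items whose featured actor does not match the authorization's interactionTarget, and flags remote hosts submitting items for many distinct actors. The record field names (item_id, featured_object, interaction_target) are assumed; map them to whatever fields your SIEM export or collection_items audit query produces.

```ruby
require 'json'
require 'uri'
require 'set'

# Constructed JSON log lines (not real Mastodon or Sidekiq output). Each record
# models one processed Collection item together with the interactionTarget of
# the FeatureAuthorization it presented; field names are assumed.
SAMPLE_LOG = <<~LOG
  {"item_id":"https://peer-a.example/items/1","featured_object":"https://peer-a.example/users/alice","interaction_target":"https://peer-a.example/users/alice"}
  {"item_id":"https://peer-a.example/items/2","featured_object":"https://peer-a.example/users/bob","interaction_target":"https://peer-a.example/users/alice"}
  not a json line, as a SIEM export may contain
  {"item_id":"https://peer-a.example/items/3","featured_object":"https://peer-a.example/users/carol","interaction_target":"https://peer-a.example/users/alice"}
  {"item_id":"https://peer-b.example/items/9","featured_object":"https://peer-b.example/users/dave","interaction_target":"https://peer-b.example/users/dave"}
LOG

# Parse one JSON object per line, silently skipping lines that are not JSON.
def parse_log(text)
  text.each_line.map do |line|
    begin
      JSON.parse(line)
    rescue JSON::ParserError
      nil
    end
  end.compact
end

# Indicator: the authorization names one actor, the item features another.
def mismatched_consent(records)
  records.select { |r| r['featured_object'] != r['interaction_target'] }
         .map { |r| r['item_id'] }
end

# Group the featured actors by the host that submitted each item.
def actors_per_host(records)
  records.each_with_object(Hash.new { |h, k| h[k] = Set.new }) do |r, acc|
    acc[URI.parse(r['item_id']).host] << r['featured_object']
  end
end

# Detection strategy: one remote host pushing items for many distinct actors.
def suspicious_hosts(records, min_distinct_actors: 2)
  actors_per_host(records)
    .select { |_, actors| actors.size >= min_distinct_actors }
    .keys.sort
end

if $PROGRAM_NAME == __FILE__
  records = parse_log(SAMPLE_LOG)
  puts "mismatched consent: #{mismatched_consent(records).inspect}"
  puts "hosts featuring many actors: #{suspicious_hosts(records).inspect}"
end
```

The mismatch test is the decisive signal; the per-host count is a weaker heuristic that also fires on legitimate busy peers, so treat it as a triage hint and tune min_distinct_actors to your federation volume.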
Monitoring Recommendations
- Forward Mastodon Rails and Sidekiq logs to a centralized SIEM and search for ActivityPub objects of type FeatureAuthorization with mismatched interactionTarget values.
- Track outbound complaint reports from federated peers indicating non-consensual Collection inclusion.
- Monitor Mastodon release channels and the GitHub Security Advisories feed for follow-up advisories on the Collections feature.
How to Mitigate CVE-2026-47777
Immediate Actions Required
- Upgrade Mastodon to 4.6.0-beta.1 or later if running main or nightly builds with experimental Collections enabled.
- Unset or remove collections from the EXPERIMENTAL_FEATURES environment variable until the upgrade is applied.
- Review existing Collection memberships for entries created before the patch and remove any unverified items.
Patch Information
The fix is delivered in commit 22203f8aeb03e8f14dc62e253e83db39825a5bcf and released in Mastodon 4.6.0-beta.1. The patch introduces actor-to-authorization cross-validation through new @actor_uri and @approval_uri fields and the matching_actors? check. See the GitHub Security Advisory GHSA-vg36-gxjg-2v46 for vendor guidance.
Workarounds
- Disable the experimental Collections feature by removing collections from EXPERIMENTAL_FEATURES and restarting the Mastodon service.
- Restrict federation with untrusted instances using Mastodon's domain block or allow-list features while the patch is being rolled out.
- Rebuild and redeploy from the patched main branch if production deployments cannot wait for a tagged release.
# Disable experimental Collections feature in Mastodon environment
# Edit .env.production and remove only the 'collections' token from the
# comma-separated EXPERIMENTAL_FEATURES list, leaving any other flags in place
sed -i -E '/^EXPERIMENTAL_FEATURES=/{s/(=|,)collections(,|$)/\1/;s/,$//}' /home/mastodon/live/.env.production
# Restart Mastodon services to apply
systemctl restart mastodon-web mastodon-sidekiq mastodon-streaming
# Verify the variable no longer lists collections
grep EXPERIMENTAL_FEATURES /home/mastodon/live/.env.production
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

