Mastodon Denial-of-Service Vulnerability via Poll Options

Vulnerability

A denial-of-service vulnerability has been identified in Mastodon, a social network server based on ActivityPub. The issue affects versions prior to v4.3.18, v4.4.12, and v4.5.5. The vulnerability arises from the lack of a limit on the maximum number of poll options for remote posts. Because the option count in a federated poll is never capped, an attacker can create polls with an excessive number of options, significantly increasing resource consumption. Depending on the number of poll options, this could lead to disproportionate resource usage on both Mastodon servers and clients, causing potential denial-of-service conditions either server-side or client-side.
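The missing check is a bound on the option count of a federated poll. Below is an added example, not Mastodon's own code, of validating an incoming ActivityPub Question object before a poll is created from it; the limit of 20 and the helper names are assumptions for illustration, and the sample object is constructed.

```ruby
require 'json'

# Assumed limit for remote polls (not stated in the advisory; Mastodon's
# own configured value for local polls is not given on this page).
MAX_REMOTE_POLL_OPTIONS = 20

# Constructed sample ActivityPub Question object, as a remote server might
# deliver it. 'oneOf' denotes a single-choice poll, 'anyOf' multiple-choice.
def build_question(option_count, key = 'oneOf')
  {
    'type' => 'Question',
    'id' => 'https://remote.example/notes/1',
    'content' => 'Which option?',
    key => (1..option_count).map { |i| { 'type' => 'Note', 'name' => "Option #{i}" } }
  }
end

# Validate a remote Question before creating a poll from it.
# Returns [:accept, option_names] when the option count is within the limit,
# or [:reject, reason] when the object should be dropped.
def validate_remote_poll(question, limit: MAX_REMOTE_POLL_OPTIONS)
  return [:reject, 'not a Question'] unless question['type'] == 'Question'

  options = question['oneOf'] || question['anyOf']
  return [:reject, 'no options'] unless options.is_a?(Array) && !options.empty?
  # The bound that prevents the resource-exhaustion condition described above.
  return [:reject, "too many options (#{options.size} > #{limit})"] if options.size > limit

  names = options.map { |o| o.is_a?(Hash) ? o['name'].to_s : o.to_s }
  [:accept, names]
end

# Convenience wrapper for a raw JSON body received over federation.
def validate_remote_poll_json(json, limit: MAX_REMOTE_POLL_OPTIONS)
  validate_remote_poll(JSON.parse(json), limit: limit)
rescue JSON::ParserError => e
  [:reject, "invalid JSON: #{e.message}"]
end
```

A rejected object should be logged with the sending server and option count, since a flood of oversized polls from one origin is a useful detection signal.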

Impact

Exploitation of this vulnerability can cause severe resource exhaustion on both the server and client sides, leading to denial-of-service conditions.

Remediation

Users can upgrade to Mastodon versions v4.3.18, v4.4.12, or v4.5.5 to address this vulnerability.

Added: Jan 22, 2026, 3:26 AM
Updated: Jan 22, 2026, 3:26 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.3
exploitability: 7.4
remediation: 0.0
relevance: 2.3
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.