Mastodon Email Validation Vulnerability Allowing Domain Restriction Bypass

Vulnerability

A vulnerability in Mastodon prior to versions 4.5.9, 4.4.16, and 4.3.22 allows users to bypass email domain restrictions during sign-up. Mastodon performs basic email validation and supports domain-based sign-up restrictions, but it does not adequately filter special characters that some mail servers interpret differently from the way Mastodon's validation does. This oversight could enable attackers to craft email addresses that circumvent domain blocks or allow-lists.
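The root of this class of bug is that the sign-up code and the mail server can disagree about which domain an address belongs to once the address contains syntax beyond a plain `local@domain`. The following is an added example, not Mastodon's own code and not the specific filter fixed in the versions above: it assumes a conservative policy in which anything syntactically unusual (quotes, comments, whitespace, a second `@`, characters outside a small safe set) is rejected outright rather than interpreted, and it matches deny-/allow-lists on whole domain labels, including parent domains. The list entries and addresses in the usage are constructed for illustration.

```ruby
# Added example (not Mastodon's code): a conservative e-mail domain
# check for sign-up allow-/deny-lists. Accept only addresses whose
# domain every component will read the same way; reject anything
# syntactically unusual instead of trying to interpret it.
require 'set'

# Local part: starts alphanumeric, then a small safe set, at most 64 chars.
LOCAL_PART = /\A[a-z0-9][a-z0-9._%+-]{0,63}\z/i
# DNS label: alphanumerics and internal hyphens, 1..63 chars.
DOMAIN_LABEL = /\A[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\z/i

# Returns the lowercased domain if the address is strictly well-formed,
# otherwise nil. Exactly one '@'; no whitespace, quotes, comments,
# angle brackets or other special characters.
def strict_email_domain(address)
  return nil unless address.is_a?(String)
  return nil if address.length > 254
  return nil if address.count('@') != 1
  return nil if address =~ /[\s"'()<>,;:\\\[\]]/
  local, domain = address.split('@', 2)
  return nil unless local =~ LOCAL_PART
  labels = domain.split('.', -1)        # -1 keeps a trailing empty label so "a.b." fails
  return nil if labels.length < 2
  return nil unless labels.all? { |l| l =~ DOMAIN_LABEL }
  return nil unless labels.last =~ /\A[a-z]{2,}\z/i
  domain.downcase
end

# True if the domain or any parent domain (down to, but excluding, the TLD)
# is in the list. Whole-label matching avoids substring false positives
# such as "notblocked.example" matching "blocked.example".
def domain_listed?(domain, list)
  parts = domain.split('.')
  (0...parts.length - 1).any? { |i| list.include?(parts[i..].join('.')) }
end

# Sign-up decision: :reject_malformed, :reject_blocked,
# :reject_not_allowed or :accept. A malformed address is refused before
# any list is consulted, so list logic never sees ambiguous syntax.
def signup_decision(address, deny: Set.new, allow: nil)
  domain = strict_email_domain(address)
  return :reject_malformed if domain.nil?
  return :reject_blocked if domain_listed?(domain, deny)
  return :reject_not_allowed if allow && !domain_listed?(domain, allow)
  :accept
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample lists and addresses for a quick local run.
  deny = Set.new(%w[blocked.example])
  %w[alice@example.com bob@mail.blocked.example "bob"@example.com].each do |a|
    puts "#{a} -> #{signup_decision(a, deny: deny)}"
  end
end
```

The order of the checks is the point: syntax is validated and the domain is canonicalised before any list comparison, and the validator refuses rather than guesses when an address could be read two ways. Tightening the accepted character set this far will reject some addresses that are technically valid under the e-mail RFCs; for a sign-up form that trade-off is usually acceptable, but it should be a deliberate policy decision.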

Impact

The vulnerability could be exploited to bypass email domain restrictions, allowing sign-ups with addresses that would normally be blocked or to evade verification requirements tied to the email domain.

Remediation

Upgrading to Mastodon version 4.5.9, 4.4.16, or 4.3.22 (depending on the release branch in use) addresses this vulnerability.

Added: Apr 23, 2026, 7:38 PM
Updated: Apr 23, 2026, 7:38 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 6.6
remediation: 0.0
relevance: 6.4
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.