Vulnerabilities
CVE-2026-22245 - Mastodon has SSRF Protection bypass - Guide
CVE ID : CVE-2026-22245 Published : Jan. 8, 2026, 4:16 p.m. | 37 minutes ago Description : Mastodon is a free, open-source social network server based on ActivityPub. By nature, Mastodon performs a lot of outbound requests to user-provided domains. Mastodon, however, has some protection mechanism to disallow requests to local IP addresses (unless specified in `ALLOWED_PRIVATE_ADDRESSES`) to avoid the
