Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.11, 4.4.18, and 4.3.24, a DoS can be triggered by (Uncaught Exception vulerability), due to missing exception handling in the math sanitizer. Malformed <math> nodes can result in a DoS of a whole server or targeted users services, depending on the type of action that includes the malformed nodes and the services interacting with it. This vulnerability is fixed in 4.5.11, 4.4.18, and 4.3.24.
History

Thu, 25 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 25 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
First Time appeared Joinmastodon
Joinmastodon mastodon
Vendors & Products Joinmastodon
Joinmastodon mastodon

Wed, 24 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Description Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.11, 4.4.18, and 4.3.24, a DoS can be triggered by (Uncaught Exception vulerability), due to missing exception handling in the math sanitizer. Malformed <math> nodes can result in a DoS of a whole server or targeted users services, depending on the type of action that includes the malformed nodes and the services interacting with it. This vulnerability is fixed in 4.5.11, 4.4.18, and 4.3.24.
Title Mastodon: Persistent anonymous DoS via unhandled NoMethodError in MATH_TRANSFORMER
Weaknesses CWE-248
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-06-24T19:50:51.968Z

Updated: 2026-06-25T13:25:42.411Z

Reserved: 2026-06-03T18:49:32.275Z

Link: CVE-2026-50129

cve-icon Vulnrichment

Updated: 2026-06-25T13:25:39.004Z

cve-icon NVD

No data.

cve-icon Redhat

No data.