CVE-2026-58593 - NodeBB - ActivityPub Author Spoofing via Unvalidated attributedTo Mapped to Local User
CVE ID :CVE-2026-58593 Published : July 1, 2026, 7:27 p.m. | 1 hour, 45 minutes ago Description :NodeBB does not bind the claimed author of an inbound ActivityPub object to the authenticated remote actor. The inbound middleware verifies the HTTP-signature actor and checks the origin of...