B3NCLOUD ARTICLE INTELLIGENCE

ARTICLEVIEW

Zurück zu News

CVE-2026-58593 - NodeBB - ActivityPub Author Spoofing via Unvalidated attributedTo Mapped to Local User

CVE ID :CVE-2026-58593 Published : July 1, 2026, 7:27 p.m. | 1 hour, 45 minutes ago Description :NodeBB does not bind the claimed author of an inbound ActivityPub object to the authenticated remote actor. The inbound middleware verifies the HTTP-signature actor and checks the origin of...

Original-Artikel öffnen Zurück zur Übersicht