{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-16T10:06:00.536","vulnerabilities":[{"cve":{"id":"CVE-2026-25808","sourceIdentifier":"security-advisories@github.com","published":"2026-02-09T22:16:02.440","lastModified":"2026-02-28T00:17:33.850","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Hollo is single-user microblogging software that federates through ActivityPub. Prior to 0.6.20 and 0.7.2, direct messages (DMs) and followers-only posts were exposed through the ActivityPub outbox endpoint without authorization. This vulnerability is fixed in 0.6.20 and 0.7.2."},{"lang":"es","value":"Hollo es un software de microblogging de un solo usuario federado diseñado para ser federado a través de ActivityPub. Antes de 0.6.20 y 0.7.2, existe una vulnerabilidad de seguridad donde los mensajes directos (MD) y las publicaciones solo para seguidores fueron expuestos a través del endpoint de bandeja de salida de ActivityPub sin autorización. \nEsta vulnerabilidad está corregida en 0.6.20 y 0.7.2."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fedify:hollo:*:*:*:*:*:*:*:*","versionStartIncluding":"0.6.0","versionEndExcluding":"0.6.20","matchCriteriaId":"A1422F95-7A77-4327-B1F1-95B79678E9AB"},{"vulnerable":true,"criteria":"cpe:2.3:a:fedify:hollo:*:*:*:*:*:*:*:*","versionStartIncluding":"0.7.0","versionEndExcluding":"0.7.2","matchCriteriaId":"10E08CBE-B4F8-4DF9-A84F-BCC0BAEF3A4C"}]}]}],"references":[{"url":"https://github.com/fedify-dev/hollo/commit/329969c502ef092d5c3f9c2c20421c34f4ff0f0e","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/fedify-dev/hollo/releases/tag/0.6.20","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/fedify-dev/hollo/releases/tag/0.7.2","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/fedify-dev/hollo/security/advisories/GHSA-6r2w-3pcj-v4v5","source":"security-advisories@github.com","tags":["Vendor Advisory","Exploit"]}]}}]}