CVE-2026-50131 is a HIGH-severity vulnerability in the Fedify library, affecting versions prior to 1.9.12, 1.10.11, 2.0.19, 2.1.15, and 2.2.4. The issue is incomplete IPv4 validation logic, which could allow Server-Side Request Forgery (SSRF) attacks. The `validatePublicUrl()` protection relies on `isValidPublicIPv4Address()` to reject non-public IPv4 destinations. However, the function blocks comm [truncated]
CVE-2026-42462 is a HIGH-severity vulnerability in Fedify, a TypeScript library for building federated server apps. Prior to versions 1.9.11, 1.10.10, 2.0.18, 2.1.14, and 2.2.3, an attacker can use JSON-LD features to restructure a JSON-LD document in a way that changes how Fedify interprets it without changing its Linked Data Signature, allowing them to alter a third-party signed activity they have r [truncated]