HIGH
NodeBB
CVE published 2026-07-01
CVE-2026-58593
CVE-2026-58593 is a high-severity vulnerability in NodeBB's ActivityPub implementation. The issue allows a remote attacker to forge posts and direct messages attributed to arbitrary local users by exploiting the lack of validation for the 'attributedTo' field in inbound ActivityPub objects. This vulnerability has a CVSS score of 8.7 and is classified as HIGH. Administrators and users of NodeBB instances w [truncated]