VYPR
Unrated severityNVD Advisory· Published Feb 9, 2026· Updated Feb 10, 2026

Hollo DMs get leaked and can be seen on Webfinger Browser

CVE-2026-25808

Description

Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Prior to 0.6.20 and 0.7.2, there is a security vulnerability where DMs and followers-only posts were exposed through the ActivityPub outbox endpoint without authorization. This vulnerability is fixed in 0.6.20 and 0.7.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Fedify Dev/Hollollm-fuzzy2 versions
    < 0.6.20 || < 0.7.2+ 1 more
    • (no CPE)range: < 0.6.20 || < 0.7.2
    • (no CPE)range: < 0.6.20, 0.7.2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.