JSON-LD Restructuring Vulnerability in Fedify Library by Fedify
CVE-2026-42462
7HIGH
What is CVE-2026-42462?
The Fedify library, a TypeScript tool for creating federated server applications, is vulnerable to an issue involving JSON-LD processing. Attackers may exploit specific features of JSON-LD to modify the structure of a document without altering its Linked Data Signature. This manipulation can lead to the unauthorized alteration of third-party signed activities. Vulnerable versions include 1.9.10, 1.10.9, 2.0.17, 2.1.13, and 2.2.2. Users are advised to upgrade to fixed versions 1.9.11, 1.10.10, 2.0.18, 2.1.14, or 2.2.3 to mitigate this issue.
Affected Version(s)
fedify >= 2.2.0, < 2.2.3 < 2.2.0, 2.2.3
fedify >= 2.1.0, < 2.1.14 < 2.1.0, 2.1.14
fedify >= 2.0.0, < 2.0.18 < 2.0.0, 2.0.18
