lemmy — Vulnerabilities & Security Advisories 4

All 4 CVE vulnerabilities found in lemmy, with AI-generated Chinese analysis, references, and POCs.

CVE ID	Title	CVSS	Severity	Published
CVE-2026-33693	Lemmy's Activitypub-Federation has SSRF via 0.0.0.0 bypass in activitypub-federation-rust v4_is_invalid() CWE-918	6.5	Medium	2026-03-27
CVE-2026-29178	Lemmy: Unauthenticated SSRF via file_type query parameter injection in image endpoint CWE-918	7.5	-	2026-03-06
CVE-2025-25194	Server-Side Request Forgery (SSRF) in activitypub_federation CWE-918	4.0	Medium	2025-02-10
CVE-2024-23649	Any authenticated user may obtain private message details from other users on the same instance CWE-285	7.5	High	2024-01-24

All 4 known CVE vulnerabilities affecting lemmy with full Chinese analysis, references, and POCs where available.