sw-isac-fi
Picture of Jaz

Jaz

[View Source]

ISAC Alert - -

Pixelfed versions 0.12.4 and earlier contain a critical privacy vulnerability that impacts any and all Fediverse service providers that support follower-only messaging from follower-approvals-required accounts.

Ref: fokus.cool/2025/03/25/pixelfed

A tracking spreadsheet of domains by version is available at docs.google.com/spreadsheets/d

If you host accounts that expect their followers-only posts to be non-visible to unapproved followers on remote Pixelfed services, consider informing your members.

Report

Unauthorized control of a user account.
Disclosing someone’s personal, non-public information without the person’s consent.
Content describing or depicting things of an intimate, offensive, graphic, or violent nature.
False information that is spread unintentionally which may nonetheless mislead or increase likelihood of harm to persons.
Unsolicited repeated behavior against another person, usually with the intent to intimidate or cause emotional distress.
Fraudulent sending of messages purporting to be from reputable sources in order to induce individuals to reveal personal information.
Use of the network in a way that violates the terms of service, community guidelines, or other rules.
Unsolicited, low-quality communications.
Intentional provocation of hostility or confusion.

Block Member?

Please confirm you want to block this member.

You will no longer be able to:

  • See blocked member's posts
  • Mention this member in posts
  • Invite this member to groups
  • Message this member
  • Add this member as a connection

Please note: This action will also remove this member from your connections and send a report to the site admin. Please allow a few minutes for this process to complete.

Report

You have already reported this .