Incorrect Behavior Order: Validate Before Canonicalize

CVE-2026-42462

Low

0/10

Summary

An attacker can make use of JSON-LD features to restructure a JSON-LD document that would change how Fedify interprets it without changing its Linked Data Signature, allowing them to alter a third-party signed activity they have received. Versions prior to 2.2.3 are affected.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: LOW

CWE-180 - Incorrect Behavior Order: Validate Before Canonicalize

The software validates input before it is canonicalized, which prevents the software from detecting data that becomes invalid after the canonicalization step.

References

Advisory

Advisory Timeline

Published May 26, 2026

Incorrect Behavior Order: Validate Before Canonicalize

CVE-2026-42462

Summary

CWE-180 - Incorrect Behavior Order: Validate Before Canonicalize

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS