Pixelfed Vulnerability Exposes Private Posts Across the Fediverse
2025-03-30
A critical vulnerability in Pixelfed, a popular image-sharing platform, exposed private posts across the Fediverse. Due to an ActivityPub implementation flaw, anyone on a Pixelfed instance could follow private accounts on other servers and access their private posts. While a fix is available, the upgrade process is challenging, and the maintainer's handling of the situation has raised concerns about trust within the Fediverse ecosystem.