@Fedify/Fedify (< 2.2.3)

Fedify is vulnerable to CVE-2026-42462, a Linked Data Signature bypass via JSON-LD Named-Graph Restructuring, allowing attackers to alter third-party signed activities by manipulating the document structure without invalidating the signature, potentially leading to integrity, availability, and confidentiality issues.