https://github.com/mastodon/mastodon/security/advisories/GHSA-3fjr-858r-92rw

>Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account.

A similar vulnerability was discovered and closed in Mitra. As far as I know, takeover is not possible here, only impersonation, but still it can be quite bad. Update to v2.8.0 if you haven't already.

Other Fediverse software might also be affected.