CVE-2026-33953

High CVSS: 8.5

LinkAce is a self-hosted archive to collect website links. Versions prior to 2.5.3 block direct requests to private IP literals, but still performs server-side requests to internal-only resources when those resources are referenced through an internal hostname. This allows an authenticated user to trigger server-side requests to internal services reachable by the LinkAce server but not directly reachable by an external user. Version 2.5.3 patches the issue.

Vendor

Linkace

Product

Linkace

CWE

CWE-918

Yayın Tarihi

2026-03-27 22:16:21

Güncelleme

2026-03-31 17:57:08

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-918 Linkace HIGH Linkace 2026

Referanslar

https://github.com/Kovah/LinkAce/security/advisories/GHSA-wp4g-qw9j-wfjg

Benzer Kayıtlar

Medium

CVE-2026-33954

LinkAce is a self-hosted archive to collect website links. In versions prior to 2.5.3, a private note attached to a non-…

High

CVE-2026-30953

LinkAce is a self-hosted archive to collect website links. When a user creates a link via POST /links, the server fetche…

Medium

CVE-2026-30954

LinkAce is a self-hosted archive to collect website links. In 2.1.0 and earlier, the processTaxonomy() method in LinkRep…

High

CVE-2026-27458

LinkAce is a self-hosted archive to collect website links. Versions 2.4.2 and below have a Stored Cross-site Scripting v…

High

CVE-2025-62722

LinkAce is a self-hosted archive to collect website links. In versions 2.3.1 and below, the social media sharing functio…

High

CVE-2025-62721

LinkAce is a self-hosted archive to collect website links. In versions 2.3.1 and below, authenticated RSS feed endpoints…