CVE-2026-35516

EUVD-2026-19682 | MEDIUM | CVSS 3.1: 5.0
2026-04-07 GitHub_M

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: Low
Integrity: None
Availability: None

Lifecycle Timeline

EUVD ID Assigned: Apr 07, 2026 - 15:30 (euvd), EUVD-2026-19682
Analysis Generated: Apr 07, 2026 - 15:30 (vuln.today)
CVE Published: Apr 07, 2026 - 15:14 (nvd), MEDIUM 5.0

Description

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, LinkRepository::update and CheckLinksCommand::checkLink do not check for private IPs. An authenticated user can read responses from internal services (AWS IMDSv1, cloud metadata, internal APIs) by creating a link with a public URL and then updating it to a private IP. The links:check cron job makes the request server-side without IP filtering. This can expose cloud credentials, internal service data, and network topology. This vulnerability is fixed in 2.5.4.
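
An added example, not LinkAce code and not the 2.5.4 patch: one way to apply the same private-IP rule on link update and again inside the scheduled check, sketched in Python. The function names, the dict-based link record and the injectable `resolver` and `fetch` parameters are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit


def resolve_host(host):
    """Default resolver: every address the name currently maps to."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_internal(addr):
    """True for loopback, private, link-local and other non-global addresses."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    mapped = getattr(ip, "ipv4_mapped", None)      # e.g. ::ffff:169.254.169.254
    if mapped is not None:
        ip = mapped
    return not ip.is_global


def url_is_fetchable(url, resolver=resolve_host):
    """One rule shared by create, update and the scheduled check."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    try:
        addrs = resolver(parts.hostname)
    except OSError:
        return False
    # Reject if ANY resolved address is internal, not only the first one.
    return bool(addrs) and not any(is_internal(a) for a in addrs)


def update_link(link, new_url, resolver=resolve_host):
    """Update path: refuse to store a URL that points at an internal address."""
    if not url_is_fetchable(new_url, resolver):
        raise ValueError("URL resolves to a non-public address")
    link["url"] = new_url
    return link


def check_link(link, fetch, resolver=resolve_host):
    """Scheduled check: validate again at fetch time, DNS may have changed."""
    if not url_is_fetchable(link["url"], resolver):
        return "skipped"
    return fetch(link["url"])
```

Validation and the HTTP request resolve DNS separately, so a production checker should also connect to the address it validated and re-check every redirect target.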

Analysis

Server-side request forgery (SSRF) in LinkAce prior to version 2.5.4 allows authenticated users to read responses from internal services by updating links to private IP addresses, exposing cloud credentials and internal service metadata. The links:check cron job executes requests without IP filtering, enabling attackers to probe AWS IMDSv1, cloud metadata endpoints, and internal APIs. …

Priority Score

25 (KEV: 0, EPSS: +0.0, CVSS: +25, POC: 0)
