Open Redirect CVE-2026-40905

| EUVD-2026-24473 HIGH
URL Redirection to Untrusted Site (Open Redirect) (CWE-601)
2026-04-21 GitHub_M
Open Redirect Linkace
8.1
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

1
Patch available
Apr 21, 2026 - 22:17 EUVD

DescriptionNVD

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, a password reset poisoning vulnerability was identified in the application due to improper trust of user-controlled HTTP headers. The application uses the X-Forwarded-Host header when generating password reset URLs. By manipulating this header during a password reset request, an attacker can inject an attacker-controlled domain into the reset link sent via email. As a result, the victim receives a password reset email containing a malicious link pointing to an attacker-controlled domain. When the victim clicks the link, the password reset token is transmitted to the attacker-controlled server. An attacker can capture this token and use it to reset the victim’s password, leading to full account takeover. This vulnerability is fixed in 2.5.4.

Analysis

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, a password reset poisoning vulnerability was identified in the application due to improper trust of user-controlled HTTP headers. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-40905 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy