Linx CVE-2026-52101
CRITICALSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Remote unauthenticated URL-based upload yields high confidentiality disclosure (C:H); the description and CWE-200 indicate no integrity or availability impact, so I:N/A:N contrary to the input's I:H.
Primary rating from Vendor (mitre).
CVSS VectorVendor: mitre
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
4DescriptionCVE.org
An issue in andreimarcu linux-server v.1.0 through v.2.3.8 allows a remote attacker to obtain sensitive information via the function uploadRemote function in upload.go
AnalysisAI
Information disclosure in andreimarcu Linx (linx-server) versions 1.0 through 2.3.8 lets remote attackers retrieve sensitive data through the uploadRemote function in upload.go, which fetches attacker-supplied remote URLs on the server's behalf. The flaw carries a CVSS 9.1 rating with a network, unauthenticated, low-complexity vector, so exploitation requires no credentials or user interaction. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that the target Linx (linx-server, v1.0-v2.3.8) instance expose the remote/URL-based upload functionality that routes through the uploadRemote function in upload.go, and that this endpoint be reachable over the network. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The signals are mixed and warrant scrutiny. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An unauthenticated attacker submits a remote-upload request to a public Linx instance, supplying a URL that points at an internal service or metadata endpoint rather than a normal file. The uploadRemote function fetches it server-side and the response is exposed back to the attacker, disclosing internal content. … |
| Remediation | No vendor-released patch or fixed version was identified in the available data, so no confirmed upgrade target can be cited; monitor https://github.com/andreimarcu/linx-server for a release above 2.3.8 addressing the uploadRemote path. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: inventory all systems running Linx versions 1.0-2.3.8 and restrict network access to the uploadRemote endpoint using firewall rules or reverse proxy configuration; document current data exposure. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today