Is there a public PoC exploit available for EUVD-2026-26449?

Yes, a public proof-of-concept exploit is available for EUVD-2026-26449. Prioritise patching immediately. EPSS: 0.0%.

Is there a patch available for EUVD-2026-26449?

Yes, a patch is available for EUVD-2026-26449. Update the affected software to the latest version immediately.

LinkStack EUVD-2026-26449

Q: What is the CVSS score of EUVD-2026-26449?

EUVD-2026-26449 has a CVSS 4.0 base score of 2.1 (Low). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2026-7502 LOW

Authorization Bypass Through User-Controlled Key (CWE-639)

2026-04-30 VulDB

PHP Authentication Bypass

2.1

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

PoC Detected

May 01, 2026 - 15:26 vuln.today

Public exploit code

Severity Changed

Apr 30, 2026 - 22:22 NVD

MEDIUM LOW

CVSS changed

Apr 30, 2026 - 22:22 NVD

5.4 (MEDIUM) 2.1 (LOW)

Source Code Evidence Fetched

Apr 30, 2026 - 22:01 vuln.today

Analysis Generated

Apr 30, 2026 - 22:01 vuln.today

EUVD ID Assigned

Apr 30, 2026 - 21:45 euvd

EUVD-2026-26449

Analysis Generated

Apr 30, 2026 - 21:45 vuln.today

Patch released

Apr 30, 2026 - 21:45 nvd

Patch available

CVE Published

Apr 30, 2026 - 21:15 nvd

LOW 2.1

DescriptionNVD

A security vulnerability has been detected in LinkStackOrg LinkStack up to 4.8.6. The affected element is the function saveLink of the file app/Http/Controllers/UserController.php of the component Management Endpoint. The manipulation leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The pull request to fix this issue awaits acceptance.

AnalysisAI

LinkStack up to version 4.8.6 contains an authorization bypass vulnerability in the saveLink function of UserController.php that allows authenticated attackers to modify links belonging to other users via insecure direct object references (IDOR). The vulnerability affects the Management Endpoint and enables remote attackers with valid credentials to manipulate or delete arbitrary user links, with publicly available exploit code and an unmerged patch awaiting acceptance.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-26449 vulnerability details – vuln.today

Back