Skip to main content

Linkace

17 CVEs product

Monthly

CVE-2026-45342 HIGH PATCH This Week

Cross-tenant resource tampering in LinkAce before 2.5.6 lets any authenticated user modify links, lists, tags, and notes belonging to other users whenever those resources have non-private visibility. The flaw exists in both the web UI and the REST API because the update() policy checks validate visibility instead of ownership, while delete() correctly enforces ownership. No public exploit identified at time of analysis, but the bug is trivially exploitable by any registered account on a vulnerable instance.

Authentication Bypass Linkace
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-45343 HIGH PATCH This Week

Stored cross-site scripting in LinkAce prior to 2.5.6 allows a low-privilege OAuth-authenticated user to plant a persistent JavaScript payload in the administrator-facing audit log via their OAuth display name and a subsequent API token creation. When an admin visits /system/audit, the payload executes in their browser, enabling session cookie theft, CSRF token exfiltration from the la-app-data meta tag, and full impersonation of admin privileges. No public exploit identified at time of analysis, but a vendor patch (2.5.6) and GitHub Security Advisory GHSA-jx4g-ph82-x9mm are available.

XSS CSRF Linkace
NVD GitHub
CVSS 4.0
8.5
EPSS
0.1%
CVE-2026-45344 HIGH PATCH This Week

Remote code execution in LinkAce self-hosted link archive versions prior to 2.5.6 allows unauthenticated remote attackers to inject arbitrary mail configuration variables into the application's .env file via the initial setup database configuration flow, leading to command execution when the application subsequently sends mail. The flaw, classified as CWE-74 injection, affects instances that have not yet completed the setup wizard and carries a CVSS 8.1 (High). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Code Injection Linkace
NVD GitHub
CVSS 3.1
8.1
EPSS
0.2%
CVE-2026-35516 MEDIUM PATCH This Month

Server-side request forgery (SSRF) in LinkAce prior to version 2.5.4 allows authenticated users to read responses from internal services by updating links to private IP addresses, exposing cloud credentials and internal service metadata. The links:check cron job executes requests without IP filtering, enabling attackers to probe AWS IMDSv1, cloud metadata endpoints, and internal APIs. The vulnerability requires authentication but operates over the network with low complexity, affecting all installations running versions before 2.5.4. No public exploit code or confirmed active exploitation has been identified at time of analysis.

SSRF Linkace
NVD GitHub
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-33954 MEDIUM PATCH This Month

LinkAce versions before 2.5.3 disclose private notes to authenticated users via the web interface when viewing shared links, despite the API correctly enforcing note visibility restrictions. An authenticated user can read another user's private notes attached to internal or public links by accessing the web link detail page, resulting in unauthorized information disclosure. Version 2.5.3 patches this authorization bypass.

Authentication Bypass Linkace
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33953 HIGH PATCH This Week

Server-Side Request Forgery (SSRF) in LinkAce self-hosted link archival application allows authenticated users to bypass IP-based blocklist protections and access internal-only resources through hostname resolution. Attackers with low-privilege accounts can leverage this to probe internal network services, exfiltrate sensitive data from internal APIs, or pivot to otherwise unreachable infrastructure. CVSS 8.5 (High) with cross-scope impact reflects the potential for lateral movement beyond the application boundary. No active exploitation confirmed (CISA KEV: not listed), but the vulnerability class (CWE-918 SSRF) is commonly exploited when accessible to authenticated users. Patch available in version 2.5.3.

SSRF Linkace
NVD GitHub VulDB
CVSS 3.1
8.5
EPSS
0.0%
CVE-2026-30954 MEDIUM This Month

LinkAce versions 2.1.0 and earlier allow authenticated users to inappropriately associate other users' private taxonomies with their own links through insufficient authorization checks in the processTaxonomy() method. This enables privilege escalation where attackers can gain unauthorized access to private tags and lists belonging to other users on the same instance. The vulnerability requires valid authentication credentials and has no available patch at this time.

PHP Authentication Bypass Linkace
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-30953 HIGH This Week

Server-side request forgery in LinkAce allows authenticated users to make arbitrary HTTP requests to internal network addresses and cloud metadata endpoints by providing malicious URLs during link creation, bypassing validation controls that exist elsewhere in the application. An attacker with valid credentials can exploit this to access Docker service hostnames, internal services, and sensitive metadata endpoints. No patch is currently available for this vulnerability affecting PHP-based LinkAce deployments.

PHP Docker SSRF Linkace
NVD GitHub VulDB
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-27458 MEDIUM POC PATCH This Month

Stored XSS in LinkAce 2.4.2 and below allows authenticated users to inject malicious JavaScript through improperly sanitized list descriptions in the Atom feed endpoint, which executes in browsers via native SVG elements without requiring an RSS reader. An attacker can exploit this to perform actions on behalf of victims visiting the feed URL, with public exploit code already available. A patch is available to remediate this cross-site scripting vulnerability affecting the self-hosted link archiving application.

XSS Linkace
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-62722 HIGH POC PATCH This Week

LinkAce is a self-hosted archive to collect website links. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Linkace
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-62721 HIGH POC PATCH This Month

LinkAce is a self-hosted archive to collect website links. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Linkace
NVD GitHub
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-62720 HIGH POC PATCH This Month

LinkAce is a self-hosted archive to collect website links. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Linkace
NVD GitHub
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-62719 LOW POC PATCH Monitor

LinkAce is a self-hosted archive to collect website links. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. Public exploit code available.

SSRF Linkace
NVD GitHub
CVSS 4.0
2.3
EPSS
0.0%
CVE-2025-59424 HIGH POC PATCH This Week

LinkAce is a self-hosted archive to collect website links. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Linkace
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-53838 HIGH POC PATCH This Week

LinkAce is a self-hosted archive to collect website links. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Linkace
NVD GitHub
CVSS 4.0
8.4
EPSS
0.0%
CVE-2024-56508 HIGH POC PATCH This Week

LinkAce is a self-hosted archive to collect links of your favorite websites. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Linkace
NVD GitHub
CVSS 3.1
7.6
EPSS
0.4%
CVE-2024-56507 MEDIUM POC PATCH This Month

LinkAce is a self-hosted archive to collect links of your favorite websites. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Linkace
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Cross-tenant resource tampering in LinkAce before 2.5.6 lets any authenticated user modify links, lists, tags, and notes belonging to other users whenever those resources have non-private visibility. The flaw exists in both the web UI and the REST API because the update() policy checks validate visibility instead of ownership, while delete() correctly enforces ownership. No public exploit identified at time of analysis, but the bug is trivially exploitable by any registered account on a vulnerable instance.

Authentication Bypass Linkace
NVD GitHub
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Stored cross-site scripting in LinkAce prior to 2.5.6 allows a low-privilege OAuth-authenticated user to plant a persistent JavaScript payload in the administrator-facing audit log via their OAuth display name and a subsequent API token creation. When an admin visits /system/audit, the payload executes in their browser, enabling session cookie theft, CSRF token exfiltration from the la-app-data meta tag, and full impersonation of admin privileges. No public exploit identified at time of analysis, but a vendor patch (2.5.6) and GitHub Security Advisory GHSA-jx4g-ph82-x9mm are available.

XSS CSRF Linkace
NVD GitHub
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Remote code execution in LinkAce self-hosted link archive versions prior to 2.5.6 allows unauthenticated remote attackers to inject arbitrary mail configuration variables into the application's .env file via the initial setup database configuration flow, leading to command execution when the application subsequently sends mail. The flaw, classified as CWE-74 injection, affects instances that have not yet completed the setup wizard and carries a CVSS 8.1 (High). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Code Injection Linkace
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

Server-side request forgery (SSRF) in LinkAce prior to version 2.5.4 allows authenticated users to read responses from internal services by updating links to private IP addresses, exposing cloud credentials and internal service metadata. The links:check cron job executes requests without IP filtering, enabling attackers to probe AWS IMDSv1, cloud metadata endpoints, and internal APIs. The vulnerability requires authentication but operates over the network with low complexity, affecting all installations running versions before 2.5.4. No public exploit code or confirmed active exploitation has been identified at time of analysis.

SSRF Linkace
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

LinkAce versions before 2.5.3 disclose private notes to authenticated users via the web interface when viewing shared links, despite the API correctly enforcing note visibility restrictions. An authenticated user can read another user's private notes attached to internal or public links by accessing the web link detail page, resulting in unauthorized information disclosure. Version 2.5.3 patches this authorization bypass.

Authentication Bypass Linkace
NVD GitHub VulDB
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Server-Side Request Forgery (SSRF) in LinkAce self-hosted link archival application allows authenticated users to bypass IP-based blocklist protections and access internal-only resources through hostname resolution. Attackers with low-privilege accounts can leverage this to probe internal network services, exfiltrate sensitive data from internal APIs, or pivot to otherwise unreachable infrastructure. CVSS 8.5 (High) with cross-scope impact reflects the potential for lateral movement beyond the application boundary. No active exploitation confirmed (CISA KEV: not listed), but the vulnerability class (CWE-918 SSRF) is commonly exploited when accessible to authenticated users. Patch available in version 2.5.3.

SSRF Linkace
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

LinkAce versions 2.1.0 and earlier allow authenticated users to inappropriately associate other users' private taxonomies with their own links through insufficient authorization checks in the processTaxonomy() method. This enables privilege escalation where attackers can gain unauthorized access to private tags and lists belonging to other users on the same instance. The vulnerability requires valid authentication credentials and has no available patch at this time.

PHP Authentication Bypass Linkace
NVD GitHub VulDB
EPSS 0% CVSS 7.7
HIGH This Week

Server-side request forgery in LinkAce allows authenticated users to make arbitrary HTTP requests to internal network addresses and cloud metadata endpoints by providing malicious URLs during link creation, bypassing validation controls that exist elsewhere in the application. An attacker with valid credentials can exploit this to access Docker service hostnames, internal services, and sensitive metadata endpoints. No patch is currently available for this vulnerability affecting PHP-based LinkAce deployments.

PHP Docker SSRF +1
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

Stored XSS in LinkAce 2.4.2 and below allows authenticated users to inject malicious JavaScript through improperly sanitized list descriptions in the Atom feed endpoint, which executes in browsers via native SVG elements without requiring an RSS reader. An attacker can exploit this to perform actions on behalf of victims visiting the feed URL, with public exploit code already available. A patch is available to remediate this cross-site scripting vulnerability affecting the self-hosted link archiving application.

XSS Linkace
NVD GitHub
EPSS 0% CVSS 8.7
HIGH POC PATCH This Week

LinkAce is a self-hosted archive to collect website links. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Linkace
NVD GitHub
EPSS 0% CVSS 7.1
HIGH POC PATCH This Month

LinkAce is a self-hosted archive to collect website links. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Linkace
NVD GitHub
EPSS 0% CVSS 7.1
HIGH POC PATCH This Month

LinkAce is a self-hosted archive to collect website links. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Linkace
NVD GitHub
EPSS 0% CVSS 2.3
LOW POC PATCH Monitor

LinkAce is a self-hosted archive to collect website links. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable. Public exploit code available.

SSRF Linkace
NVD GitHub
EPSS 0% CVSS 7.3
HIGH POC PATCH This Week

LinkAce is a self-hosted archive to collect website links. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Linkace
NVD GitHub
EPSS 0% CVSS 8.4
HIGH POC PATCH This Week

LinkAce is a self-hosted archive to collect website links. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Linkace
NVD GitHub
EPSS 0% CVSS 7.6
HIGH POC PATCH This Week

LinkAce is a self-hosted archive to collect links of your favorite websites. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS File Upload Linkace
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

LinkAce is a self-hosted archive to collect links of your favorite websites. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Linkace
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy