CVE-2026-30954
CVE-2026-30954 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. LinkAce is a self-hosted archive to collect website links. In 2.1.0 and earlier, the processTaxonomy() method in LinkRepository.php allows authenticated users to attach other users' private tags and lists to their own links by passing integer IDs. EPSS estimates a 0.20% chance of exploitation in the next 30 days.
Description
LinkAce is a self-hosted archive to collect website links. In 2.1.0 and earlier, the processTaxonomy() method in LinkRepository.php allows authenticated users to attach other users' private tags and lists to their own links by passing integer IDs.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Linkace | Linkace | <= 2.1.0 |
References
- https://github.com/Kovah/LinkAce/security/advisories/GHSA-vc99-cgj6-wwxh (Mitigation, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status: Analyzed
Source: NVD / NIST
