PT-2026-28577 · Linkace · Linkace

Amemoyoi

Published

2026-03-27

Updated

2026-03-28

CVE-2026-33953

CVSS v3.1

8.5

High

Vector

AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions LinkAce versions prior to 2.5.3

Description LinkAce is a self-hosted archive for collecting website links. Versions before 2.5.3 prevent direct requests to private IP literals, but continue to make server-side requests to internal resources when referenced via an internal hostname. This allows an authenticated user to initiate server-side requests to internal services accessible by the LinkAce server, but not directly accessible from outside the network. The issue involves server-side request forgery, where an attacker can leverage the server to access internal resources.

Recommendations Update to version 2.5.3 or later.

Exploit

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2026-33953

GHSA-WP4G-QW9J-WFJG

Affected Products

Linkace

PT-2026-28577 · Linkace · Linkace

CVE-2026-33953

Weakness Enumeration

Related Identifiers

Affected Products

References · 7