PT-2026-34172 · Kovah · Linkace

Published: 2026-04-21 · Updated: 2026-04-27 · CVE-2026-40905

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: LinkAce versions prior to 2.5.4

Description: The application improperly trusts a user-controlled HTTP header. Specifically, the value of the X-Forwarded-Host header is used as the host when generating password reset URLs. An attacker who sets this header on a password reset request causes the reset link emailed to the victim to point at an attacker-controlled domain. If the victim clicks the link, the password reset token is transmitted to that domain, allowing the attacker to capture the token and reset the victim's password, resulting in full account takeover.

Recommendations: Update to version 2.5.4.
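The flaw and its remediation in miniature, as an added example that is not LinkAce's own code: a reset-link builder that trusts X-Forwarded-Host beside one that builds the link from the configured application URL only, plus a log-side check for the request pattern the advisory describes. APP_URL, TRUSTED_PROXIES, RESET_PATH and the sample headers are constructed placeholders.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed placeholders: the deployment's canonical origin and the reverse
# proxies allowed to set forwarding headers (not LinkAce's real values).
APP_URL = "https://links.example.org"
TRUSTED_PROXIES = frozenset({"10.0.0.2"})
RESET_PATH = "/password/reset"

# Constructed sample request: a client has supplied its own X-Forwarded-Host.
SAMPLE_HEADERS = {
    "Host": "links.example.org",
    "X-Forwarded-Host": "attacker-controlled.example",
}


def reset_url_vulnerable(headers: dict, token: str) -> str:
    """Behaviour described in the advisory: the link host is taken from
    X-Forwarded-Host, which any client can set, so the emailed link and the
    token in it can be pointed at a host the attacker controls."""
    host = headers.get("X-Forwarded-Host") or headers["Host"]
    return urlunsplit(("https", host, RESET_PATH, f"token={token}", ""))


def reset_url_hardened(headers: dict, token: str) -> str:
    """Hardened form: the link is built from the configured APP_URL, so no
    request header can influence where the token is sent. The headers
    parameter is kept only to show that it is deliberately ignored."""
    parts = urlsplit(APP_URL)
    return urlunsplit((parts.scheme, parts.netloc, RESET_PATH, f"token={token}", ""))


def is_suspicious_reset_request(headers: dict, peer_ip: str) -> bool:
    """Detection aid for request logs: a reset request that carries an
    X-Forwarded-Host which either does not match the canonical host or does
    not originate from a trusted proxy matches the pattern in the advisory."""
    fwd = headers.get("X-Forwarded-Host")
    if fwd is None:
        return False
    canonical_host = urlsplit(APP_URL).netloc.lower()
    return fwd.lower() != canonical_host or peer_ip not in TRUSTED_PROXIES


if __name__ == "__main__":
    print("vulnerable:", reset_url_vulnerable(SAMPLE_HEADERS, "TOKEN"))
    print("hardened:  ", reset_url_hardened(SAMPLE_HEADERS, "TOKEN"))
    print("suspicious:", is_suspicious_reset_request(SAMPLE_HEADERS, "203.0.113.5"))
```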

Fix

Open Redirect
