CVE-2026-44313

Name of the Vulnerable Software and Affected Versions Linkwarden versions prior to 2.13.0

Description Insufficient URL validation in the fetchTitleAndHeaders() function allows authenticated users to perform Server-Side Request Forgery (SSRF), a flaw where the server is tricked into making requests to unintended locations. The system only verifies that URLs begin with "http://" or "https://", enabling arbitrary HTTP requests to internal services.

Recommendations Update to version 2.13.0. As a temporary workaround, restrict access to the fetchTitleAndHeaders() function until the update is applied.