High severity8.5NVD Advisory· Published Mar 27, 2026· Updated Mar 31, 2026
CVE-2026-33953
CVE-2026-33953
Description
LinkAce is a self-hosted archive to collect website links. Versions prior to 2.5.3 block direct requests to private IP literals, but still performs server-side requests to internal-only resources when those resources are referenced through an internal hostname. This allows an authenticated user to trigger server-side requests to internal services reachable by the LinkAce server but not directly reachable by an external user. Version 2.5.3 patches the issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
1- github.com/Kovah/LinkAce/security/advisories/GHSA-wp4g-qw9j-wfjgnvdExploitVendor Advisory
News mentions
0No linked articles in our index yet.