CVE-2026-30953
Received Received - Intake
Server-Side Request Forgery in LinkAce Link Creation Endpoint

Publication date: 2026-03-10

Last updated on: 2026-03-17

Assigner: GitHub, Inc.

Description
LinkAce is a self-hosted archive to collect website links. When a user creates a link via POST /links, the server fetches HTML metadata from the provided URL (LinkRepository::create() calls HtmlMeta::getFromUrl()). The LinkStoreRequest validation rules do not include NoPrivateIpRule, allowing server-side requests to internal network addresses, Docker service hostnames, and cloud metadata endpoints. The project already has a NoPrivateIpRule class (app/Rules/NoPrivateIpRule.php) but it is only applied in FetchController.php (line 99), not in the primary link creation path.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-10
Last Modified
2026-03-17
Generated
2026-05-07
AI Q&A
2026-03-10
EPSS Evaluated
2026-05-05
NVD
CVE-2026-30953
EUVD
EUVD-2026-10874
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linkace linkace to 2.0.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in LinkAce, a self-hosted archive for collecting website links. When a user creates a link using the POST /links endpoint, the server fetches HTML metadata from the provided URL. However, the validation rules for creating links do not include a check to block requests to private IP addresses or internal network resources (NoPrivateIpRule). Although the project has a NoPrivateIpRule class, it is only applied in a different part of the application (FetchController.php) and not in the main link creation process. This allows an attacker to make the server perform requests to internal network addresses, Docker service hostnames, or cloud metadata endpoints.


How can this vulnerability impact me? :

This vulnerability can allow an attacker to make the server send requests to internal network resources that are normally inaccessible from outside. This can lead to unauthorized access to sensitive internal services, exposure of cloud metadata endpoints, or interaction with Docker service hostnames. Such actions can result in information disclosure or further exploitation within the internal network.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

I don't know


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart