CVE-2026-7502
Received Received - Intake
Authorization Bypass in LinkStack

Publication date: 2026-04-30

Last updated on: 2026-04-30

Assigner: VulDB

Description
A security vulnerability has been detected in LinkStackOrg LinkStack up to 4.8.6. The affected element is the function saveLink of the file app/Http/Controllers/UserController.php of the component Management Endpoint. The manipulation leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The pull request to fix this issue awaits acceptance.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-30
Last Modified
2026-04-30
Generated
2026-06-16
AI Q&A
2026-05-01
EPSS Evaluated
2026-06-14
NVD
CVE-2026-7502
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linkstackorg linkstack to 4.8.6 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-285 The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the LinkStackOrg LinkStack software up to version 4.8.6, specifically in the saveLink function within the UserController.php file of the Management Endpoint component.

The issue allows an attacker to bypass authorization controls, meaning they can perform actions without the proper permissions.

The attack can be carried out remotely, and the exploit has already been publicly disclosed.

A fix has been proposed via a pull request but has not yet been accepted.

Impact Analysis

This vulnerability can impact you by allowing unauthorized users to bypass security controls and perform actions they should not be allowed to.

Because the attack can be initiated remotely, it increases the risk of unauthorized access or manipulation of data or system functions.

Such unauthorized actions could lead to potential data integrity issues or disruption of service.

Compliance Impact

The vulnerability in LinkStackOrg LinkStack allows for authorization bypass via the saveLink function, which could potentially lead to unauthorized actions within the system.

Such an authorization bypass may impact compliance with standards and regulations like GDPR and HIPAA, as these require strict access controls to protect personal and sensitive data.

However, the provided information does not explicitly detail the direct effects on compliance or data exposure related to this vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7502. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart