CVE-2026-33953— LinkAce's SSRF protection can be bypassed via internal hostname resolution in LinkAce
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-33953
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
LinkAce's SSRF protection can be bypassed via internal hostname resolution in LinkAce
Source: NVD (National Vulnerability Database)
Vulnerability Description
LinkAce is a self-hosted archive to collect website links. Versions prior to 2.5.3 block direct requests to private IP literals, but still performs server-side requests to internal-only resources when those resources are referenced through an internal hostname. This allows an authenticated user to trigger server-side requests to internal services reachable by the LinkAce server but not directly reachable by an external user. Version 2.5.3 patches the issue.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
服务端请求伪造(SSRF)
Source: NVD (National Vulnerability Database)
Vulnerability Title
LinkAce 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
LinkAce是Kevin Woblick个人开发者的一个自托管档案库,用于收集您最喜爱的网站的链接。 LinkAce 2.5.3之前版本存在代码问题漏洞,该漏洞源于仍会对内部主机名引用的内部资源执行服务器端请求,可能导致经过身份验证的用户触发对LinkAce服务器可达但外部用户不可达的内部服务的服务器端请求。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-33953
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-33953
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same product: LinkAce
- CVE-2026-40905
LinkAce: Password Reset Poisoning via X-Forwarded-Host Heade - CVE-2026-35516
LinkAce has SSRF via CheckLinksCommand - Link URL Update Byp - CVE-2026-33954
LinkAce discloses private notesto unauthorized authenticated - CVE-2026-30954
LinkAce has a Cross-User Tag/List Attachment IDOR in process - CVE-2026-30953
LinkAce affected by SSRF via link creation: NoPrivateIpRule
Same vendor: Kovah
- CVE-2026-40905
LinkAce: Password Reset Poisoning via X-Forwarded-Host Heade - CVE-2026-35516
LinkAce has SSRF via CheckLinksCommand - Link URL Update Byp - CVE-2026-33954
LinkAce discloses private notesto unauthorized authenticated - CVE-2026-30954
LinkAce has a Cross-User Tag/List Attachment IDOR in process - CVE-2026-30953
LinkAce affected by SSRF via link creation: NoPrivateIpRule
Same weakness: CWE-918
- CVE-2026-8193
Akaunting Invoice PDF Rendering dompdf.php server-side reque - CVE-2026-44313
LinkWarden: Server-Side Request Forgery (SSRF) in Link Creat - CVE-2026-42352
pygeoapi 0.23.x: Unauthenticated SSRF via OGC API - Processe - CVE-2026-42346
Postiz: TOCTOU DNS rebinding bypasses all SSRF URL validatio - CVE-2026-42339
New API: SSRF Filter Bypass via 0.0.0.0
V. Comments for CVE-2026-33953
No comments yet