CVE-2026-35516— LinkAce has SSRF via CheckLinksCommand - Link URL Update Bypasses laravel-html-meta Protection

LinkAce has SSRF via CheckLinksCommand - Link URL Update Bypasses laravel-html-meta Protection

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, LinkRepository::update and CheckLinksCommand::checkLink do not check for private IPs. An authenticated user can read responses from internal services (AWS IMDSv1, cloud metadata, internal APIs) by creating a link with a public URL and then updating it to a private IP. The links:check cron job makes the request server-side without IP filtering. This can expose cloud credentials, internal service data, and network topology. This vulnerability is fixed in 2.5.4.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

服务端请求伪造(SSRF)

LinkAce 代码问题漏洞

LinkAce是Kevin Woblick个人开发者的一个自托管档案库，用于收集您最喜爱的网站的链接。 LinkAce 2.5.4之前版本存在代码问题漏洞，该漏洞源于未检查私有IP，可能导致经过身份验证的用户通过创建和更新链接读取内部服务响应，从而泄露云凭据、内部服务数据和网络拓扑。

N/A

N/A