Detections
Analytics
CVE-2026-30954
medium
Description
LinkAce is a self-hosted archive to collect website links. In 2.1.0 and earlier, the processTaxonomy() method in LinkRepository.php allows authenticated users to attach other users' private tags and lists to their own links by passing integer IDs.
References
https://github.com/Kovah/LinkAce/security/advisories/GHSA-vc99-cgj6-wwxh
Details
Published: 2026-03-10
Updated: 2026-03-17
Risk Information
CVSS v2
Base Score: 4
Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:N
Severity: Medium
CVSS v3
Base Score: 4.3
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Severity: Medium
CVSS v4
Base Score: 5.3
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Severity: Medium
EPSS
EPSS: 0.00038