CVE-2026-35516: CWE-918: Server-Side Request Forgery (SSRF) in Kovah LinkAce
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, LinkRepository::update and CheckLinksCommand::checkLink do not check for private IPs. An authenticated user can read responses from internal services (AWS IMDSv1, cloud metadata, internal APIs) by creating a link with a public URL and then updating it to a private IP. The links:check cron job makes the request server-side without IP filtering. This can expose cloud credentials, internal service data, and network topology. This vulnerability is fixed in 2.5.4.
AI Analysis
Technical Summary
LinkAce before version 2.5.4 contains an SSRF vulnerability (CWE-918) where authenticated users can manipulate link URLs to cause the server to make requests to internal IP addresses. The affected functions do not restrict requests to private IP ranges, and the server-side cron job performs these requests without filtering. This allows attackers to access internal cloud metadata services (e.g., AWS IMDSv1) and internal APIs, potentially exposing sensitive data such as cloud credentials and network infrastructure details. The issue is resolved in LinkAce 2.5.4.
Potential Impact
An authenticated attacker can leverage this SSRF vulnerability to read responses from internal services that are normally inaccessible externally. This includes cloud metadata services and internal APIs, which may contain sensitive information such as cloud credentials and network topology. The impact is limited to information disclosure and does not include integrity or availability impacts according to the CVSS vector. The vulnerability has a medium severity rating with a CVSS score of 5.0.
Mitigation Recommendations
A patch is available in LinkAce version 2.5.4 that fixes this SSRF vulnerability by implementing proper validation and filtering of private IP addresses in link updates and checks. Users should upgrade to version 2.5.4 or later to remediate this issue. Since this is a self-hosted product, administrators must apply the update themselves. No additional vendor advisory content is provided, so check the official Kovah LinkAce release notes for confirmation and detailed upgrade instructions.
CVE-2026-35516: CWE-918: Server-Side Request Forgery (SSRF) in Kovah LinkAce
Description
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, LinkRepository::update and CheckLinksCommand::checkLink do not check for private IPs. An authenticated user can read responses from internal services (AWS IMDSv1, cloud metadata, internal APIs) by creating a link with a public URL and then updating it to a private IP. The links:check cron job makes the request server-side without IP filtering. This can expose cloud credentials, internal service data, and network topology. This vulnerability is fixed in 2.5.4.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
LinkAce before version 2.5.4 contains an SSRF vulnerability (CWE-918) where authenticated users can manipulate link URLs to cause the server to make requests to internal IP addresses. The affected functions do not restrict requests to private IP ranges, and the server-side cron job performs these requests without filtering. This allows attackers to access internal cloud metadata services (e.g., AWS IMDSv1) and internal APIs, potentially exposing sensitive data such as cloud credentials and network infrastructure details. The issue is resolved in LinkAce 2.5.4.
Potential Impact
An authenticated attacker can leverage this SSRF vulnerability to read responses from internal services that are normally inaccessible externally. This includes cloud metadata services and internal APIs, which may contain sensitive information such as cloud credentials and network topology. The impact is limited to information disclosure and does not include integrity or availability impacts according to the CVSS vector. The vulnerability has a medium severity rating with a CVSS score of 5.0.
Mitigation Recommendations
A patch is available in LinkAce version 2.5.4 that fixes this SSRF vulnerability by implementing proper validation and filtering of private IP addresses in link updates and checks. Users should upgrade to version 2.5.4 or later to remediate this issue. Since this is a self-hosted product, administrators must apply the update themselves. No additional vendor advisory content is provided, so check the official Kovah LinkAce release notes for confirmation and detailed upgrade instructions.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-03T02:15:39.280Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Is Cloud Service
- true
Threat ID: 69d52344aaed68159a2ec61e
Added to database: 4/7/2026, 3:31:16 PM
Last enriched: 4/7/2026, 3:47:57 PM
Last updated: 4/8/2026, 12:43:32 AM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.