CVE-2026-35516: CWE-918: Server-Side Request Forgery (SSRF) in Kovah LinkAce
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, LinkRepository::update and CheckLinksCommand::checkLink do not check for private IPs. An authenticated user can read responses from internal services (AWS IMDSv1, cloud metadata, internal APIs) by creating a link with a public URL and then updating it to a private IP. The links:check cron job makes the request server-side without IP filtering. This can expose cloud credentials, internal service data, and network topology. This vulnerability is fixed in 2.5.4.
AI Analysis
Technical Summary
LinkAce before version 2.5.4 contains an SSRF vulnerability (CWE-918) where authenticated users can manipulate link URLs to cause the server to make requests to internal IP addresses. The lack of validation in LinkRepository::update and CheckLinksCommand::checkLink allows bypassing restrictions on private IPs. The server-side links:check cron job executes these requests without filtering, enabling attackers to access sensitive internal resources such as cloud metadata services. This vulnerability has a CVSS 3.1 score of 5.0 (medium severity) and is patched in version 2.5.4. The product is a cloud service, so remediation is managed by the vendor.
Potential Impact
An authenticated user can leverage this SSRF vulnerability to read responses from internal services that are normally inaccessible externally. This includes cloud metadata services (e.g., AWS IMDSv1), internal APIs, and other private network resources. The exposure of such data can lead to disclosure of cloud credentials and internal network topology, which may facilitate further attacks. There is no indication of integrity or availability impact. No known exploits in the wild have been reported.
Mitigation Recommendations
A fix is available in LinkAce version 2.5.4 that properly validates and blocks requests to private IP addresses in the vulnerable functions. Since LinkAce is a cloud service, the vendor manages remediation server-side. Users should ensure they are running version 2.5.4 or later. Patch status is confirmed by the vendor advisory. No additional mitigation steps are indicated.
CVE-2026-35516: CWE-918: Server-Side Request Forgery (SSRF) in Kovah LinkAce
Description
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, LinkRepository::update and CheckLinksCommand::checkLink do not check for private IPs. An authenticated user can read responses from internal services (AWS IMDSv1, cloud metadata, internal APIs) by creating a link with a public URL and then updating it to a private IP. The links:check cron job makes the request server-side without IP filtering. This can expose cloud credentials, internal service data, and network topology. This vulnerability is fixed in 2.5.4.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
LinkAce before version 2.5.4 contains an SSRF vulnerability (CWE-918) where authenticated users can manipulate link URLs to cause the server to make requests to internal IP addresses. The lack of validation in LinkRepository::update and CheckLinksCommand::checkLink allows bypassing restrictions on private IPs. The server-side links:check cron job executes these requests without filtering, enabling attackers to access sensitive internal resources such as cloud metadata services. This vulnerability has a CVSS 3.1 score of 5.0 (medium severity) and is patched in version 2.5.4. The product is a cloud service, so remediation is managed by the vendor.
Potential Impact
An authenticated user can leverage this SSRF vulnerability to read responses from internal services that are normally inaccessible externally. This includes cloud metadata services (e.g., AWS IMDSv1), internal APIs, and other private network resources. The exposure of such data can lead to disclosure of cloud credentials and internal network topology, which may facilitate further attacks. There is no indication of integrity or availability impact. No known exploits in the wild have been reported.
Mitigation Recommendations
A fix is available in LinkAce version 2.5.4 that properly validates and blocks requests to private IP addresses in the vulnerable functions. Since LinkAce is a cloud service, the vendor manages remediation server-side. Users should ensure they are running version 2.5.4 or later. Patch status is confirmed by the vendor advisory. No additional mitigation steps are indicated.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-03T02:15:39.280Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Is Cloud Service
- true
Threat ID: 69d52344aaed68159a2ec61e
Added to database: 4/7/2026, 3:31:16 PM
Last enriched: 4/15/2026, 12:31:07 PM
Last updated: 5/21/2026, 8:11:49 PM
Views: 60
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.