CVE-2026-30954
LinkAce has a Cross-User Tag/List Attachment IDOR in processTaxonomy()
| CVSS Score | 0.0 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
LinkAce is a self-hosted archive to collect website links. In versions 2.1.0 and earlier, the processTaxonomy() method in LinkRepository.php allows authenticated users to attach other users' private tags and lists to their own links by passing integer IDs.
| CWE | CWE-639 |
| Vendor | kovah |
| Product | linkace |
| Published | Mar 10, 2026 |
| Last Updated | Mar 11, 2026 |
Affected Versions
Kovah / LinkAce
<= 2.1.0