CVE-2026-7502
LinkStackOrg LinkStack Management Endpoint UserController.php saveLink authorization
CVSS Score
5.4
EPSS Score
0.0%
EPSS Percentile
0th
A security vulnerability has been detected in LinkStackOrg LinkStack up to 4.8.6. The affected element is the function saveLink of the file app/Http/Controllers/UserController.php of the component Management Endpoint. The manipulation leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The pull request to fix this issue awaits acceptance.
| CWE | CWE-639 CWE-285 |
| Vendor | linkstackorg |
| Product | linkstack |
| Published | Apr 30, 2026 |
Stay Ahead of the Next One
Get instant alerts for linkstackorg linkstack
Be the first to know when new medium vulnerabilities affecting linkstackorg linkstack are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L/E:P/RL:X/RC:C Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
LinkStackOrg / LinkStack
4.8.0 4.8.1 4.8.2 4.8.3 4.8.4 4.8.5 4.8.6
References
vuldb.com: https://vuldb.com/vuln/360312 vuldb.com: https://vuldb.com/vuln/360312/cti vuldb.com: https://vuldb.com/submit/801787 github.com: https://github.com/LinkStackOrg/LinkStack/pull/975 github.com: https://github.com/LinkStackOrg/LinkStack/pull/975#issuecomment-4224234970 github.com: https://github.com/az10b/security-advisories/blob/main/idor_linkstack.md github.com: https://github.com/LinkStackOrg/LinkStack/
Credits
๐ AliAz (VulDB User) VulDB CNA Team