{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33953", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-24T19:50:52.106Z", "datePublished": "2026-03-27T21:22:03.963Z", "dateUpdated": "2026-03-30T15:39:58.365Z"}, "containers": {"cna": {"title": "LinkAce's SSRF protection can be bypassed via internal hostname resolution in LinkAce", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/Kovah/LinkAce/security/advisories/GHSA-wp4g-qw9j-wfjg", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Kovah/LinkAce/security/advisories/GHSA-wp4g-qw9j-wfjg"}], "affected": [{"vendor": "Kovah", "product": "LinkAce", "versions": [{"version": "< 2.5.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-27T21:22:03.963Z"}, "descriptions": [{"lang": "en", "value": "LinkAce is a self-hosted archive to collect website links. Versions prior to 2.5.3 block direct requests to private IP literals, but still performs server-side requests to internal-only resources when those resources are referenced through an internal hostname. This allows an authenticated user to trigger server-side requests to internal services reachable by the LinkAce server but not directly reachable by an external user. Version 2.5.3 patches the issue."}], "source": {"advisory": "GHSA-wp4g-qw9j-wfjg", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-30T15:39:48.692206Z", "id": "CVE-2026-33953", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T15:39:58.365Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33953", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-30T15:39:48.692206Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T15:39:54.533Z"}}], "cna": {"title": "LinkAce's SSRF protection can be bypassed via internal hostname resolution in LinkAce", "source": {"advisory": "GHSA-wp4g-qw9j-wfjg", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Kovah", "product": "LinkAce", "versions": [{"status": "affected", "version": "< 2.5.3"}]}], "references": [{"url": "https://github.com/Kovah/LinkAce/security/advisories/GHSA-wp4g-qw9j-wfjg", "name": "https://github.com/Kovah/LinkAce/security/advisories/GHSA-wp4g-qw9j-wfjg", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "LinkAce is a self-hosted archive to collect website links. Versions prior to 2.5.3 block direct requests to private IP literals, but still performs server-side requests to internal-only resources when those resources are referenced through an internal hostname. This allows an authenticated user to trigger server-side requests to internal services reachable by the LinkAce server but not directly reachable by an external user. Version 2.5.3 patches the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-27T21:22:03.963Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33953", "state": "PUBLISHED", "dateUpdated": "2026-03-30T15:39:58.365Z", "dateReserved": "2026-03-24T19:50:52.106Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-27T21:22:03.963Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "LinkAce is a self-hosted archive to collect website links. Versions prior to 2.5.3 block direct requests to private IP literals, but still performs server-side requests to internal-only resources when those resources are referenced through an internal hostname. This allows an authenticated user to trigger server-side requests to internal services reachable by the LinkAce server but not directly reachable by an external user. Version 2.5.3 patches the issue."}], "id": "CVE-2026-33953", "lastModified": "2026-03-30T13:26:07.647", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 4.7, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-27T22:16:21.760", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/Kovah/LinkAce/security/advisories/GHSA-wp4g-qw9j-wfjg"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.5.3)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "LinkAce", "source": "cna", "vendor": "Kovah"}, "product": "linkace", "vendor": "kovah"}], "analysis": {"en": {"generated_at": "2026-03-28T06:12:49.476693+00:00", "value": {"mitigation_remediation": ["Upgrade LinkAce to version 2.5.3 or later", "Verify that internal hostnames cannot be resolved or that outbound requests are restricted", "Apply network segmentation or firewall rules to limit the application server\u2019s access to sensitive internal services"], "summary": {"action": "Patch Immediately", "impact": "Server\u2011Side Request Forgery enabling internal network access"}, "threat_synthesis": {"affected_systems": "Versions of the LinkAce application from Kovah older than 2.5.3 are affected. Users running those releases are susceptible to this SSRF bypass. The patch is included in version 2.5.3, which eliminates the protection bypass by correctly handling internal hostname resolution.", "description_and_impact": "This flaw allows an authenticated user of LinkAce to trigger server\u2011side requests to internal services using hostnames that resolve to private IP addresses. The bypass grants the attacker the ability to reach resources hidden behind the application server's internal network, which could be used for enumeration, data exfiltration, or further attacks against internal services. The vulnerability is a classic Server\u2011Side Request Forgery.", "risk_and_exploitability": "The CVSS base score of 8.5 indicates a high\u2011severity flaw. No reported exploitation has been documented, and the issue is not listed in directed known\u2011exploited vulnerability catalogs. Exploitation requires authenticated access to the application; an attacker would need to log in and provide an internal hostname to trigger the server\u2011side request. If internal services are reachable from the application server, they may be accessed or stressed by an attacker."}}}}, "created": "2026-03-29T20:29:41.689065+00:00", "updated": "2026-03-30T07:00:08.912248+00:00", "vendors": ["kovah", "kovah$PRODUCT$linkace"]}