{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33953", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-24T19:50:52.106Z", "datePublished": "2026-03-27T21:22:03.963Z", "dateUpdated": "2026-03-30T15:39:58.365Z"}, "containers": {"cna": {"title": "LinkAce's SSRF protection can be bypassed via internal hostname resolution in LinkAce", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/Kovah/LinkAce/security/advisories/GHSA-wp4g-qw9j-wfjg", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Kovah/LinkAce/security/advisories/GHSA-wp4g-qw9j-wfjg"}], "affected": [{"vendor": "Kovah", "product": "LinkAce", "versions": [{"version": "< 2.5.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-27T21:22:03.963Z"}, "descriptions": [{"lang": "en", "value": "LinkAce is a self-hosted archive to collect website links. Versions prior to 2.5.3 block direct requests to private IP literals, but still performs server-side requests to internal-only resources when those resources are referenced through an internal hostname. This allows an authenticated user to trigger server-side requests to internal services reachable by the LinkAce server but not directly reachable by an external user. Version 2.5.3 patches the issue."}], "source": {"advisory": "GHSA-wp4g-qw9j-wfjg", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-30T15:39:48.692206Z", "id": "CVE-2026-33953", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T15:39:58.365Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33953", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-30T15:39:48.692206Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-30T15:39:54.533Z"}}], "cna": {"title": "LinkAce's SSRF protection can be bypassed via internal hostname resolution in LinkAce", "source": {"advisory": "GHSA-wp4g-qw9j-wfjg", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Kovah", "product": "LinkAce", "versions": [{"status": "affected", "version": "< 2.5.3"}]}], "references": [{"url": "https://github.com/Kovah/LinkAce/security/advisories/GHSA-wp4g-qw9j-wfjg", "name": "https://github.com/Kovah/LinkAce/security/advisories/GHSA-wp4g-qw9j-wfjg", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "LinkAce is a self-hosted archive to collect website links. Versions prior to 2.5.3 block direct requests to private IP literals, but still performs server-side requests to internal-only resources when those resources are referenced through an internal hostname. This allows an authenticated user to trigger server-side requests to internal services reachable by the LinkAce server but not directly reachable by an external user. Version 2.5.3 patches the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-27T21:22:03.963Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33953", "state": "PUBLISHED", "dateUpdated": "2026-03-30T15:39:58.365Z", "dateReserved": "2026-03-24T19:50:52.106Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-27T21:22:03.963Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:linkace:linkace:*:*:*:*:*:*:*:*", "matchCriteriaId": "5085A4DA-FF49-40D4-84A3-AFAFEC3902FC", "versionEndExcluding": "2.5.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "LinkAce is a self-hosted archive to collect website links. Versions prior to 2.5.3 block direct requests to private IP literals, but still performs server-side requests to internal-only resources when those resources are referenced through an internal hostname. This allows an authenticated user to trigger server-side requests to internal services reachable by the LinkAce server but not directly reachable by an external user. Version 2.5.3 patches the issue."}], "id": "CVE-2026-33953", "lastModified": "2026-03-31T17:57:08.543", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 4.7, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-27T22:16:21.760", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/Kovah/LinkAce/security/advisories/GHSA-wp4g-qw9j-wfjg"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.5.3)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "LinkAce", "source": "cna", "vendor": "Kovah"}, "product": "linkace", "vendor": "kovah"}], "analysis": {"en": {"generated_at": "2026-03-31T20:07:44.939738+00:00", "value": {"mitigation_remediation": ["Upgrade LinkAce to version\u202f2.5.3 or later to eliminate the SSRF flaw", "If an upgrade is not immediately possible, restrict LinkAce\u2019s outbound network traffic to exclude internal hostnames or apply firewall rules blocking requests to private service ranges", "Monitor server logs for unexpected internal hostname resolutions or outbound HTTP requests that may indicate residual SSRF activity"], "summary": {"action": "Immediate Patch", "impact": "Server\u2011Side Request Forgery"}, "threat_synthesis": {"affected_systems": "The flaw exists in Kovah\u2019s LinkAce releases older than version 2.5.3, where the SSRF protection fails to block requests originating from internal hostnames. Version 2.5.3 introduces the fix that fully blocks such SSRF attempts.", "description_and_impact": "LinkAce implements a firewall that blocks direct requests to private IP addresses, but this protection can be bypassed when an internal hostname is used. The vulnerability is an instance of Server\u2011Side Request Forgery, CWE\u2011918, that allows an authenticated user to force the application to resolve an internal hostname and reach internal\u2011only resources. This could expose sensitive data or enable lateral movement within the internal network.", "risk_and_exploitability": "The CVSS score of 8.5 indicates high severity, but the EPSS score of less than 1\u202f% suggests low exploitation probability. The vulnerability is not listed in CISA\u2019s KEV catalog. Attack requires user authentication and the ability to specify internal hostnames, limiting impact to privileged accounts. Despite the low likelihood of exploitation, the potential damage warrants immediate remediation."}}}}, "created": "2026-03-29T20:29:41.689065+00:00", "updated": "2026-03-31T20:11:53.568099+00:00", "vendors": ["kovah", "kovah$PRODUCT$linkace"]}