Auth bypass in Kovah Linkace

CVE-2026-30954

LinkAce is a self-hosted archive to collect website links. In 2.1.0 and earlier, the processTaxonomy() method in LinkRepository.php allows authenticated users to attach other users' private tags and lists to their own links by passing inte…

Vulnerability class: IDOR (Insecure Direct Object Reference)

EPSS: 0.000 (15.4th percentile) — read the EPSS interpretation.

Affected products

Kovah Linkace — versions <= 2.1.0

Weakness classification (CWE)

CWE-639 — Authorization Bypass Through User-Controlled Key

References

https://github.com/Kovah/LinkAce/security/advisories/GHSA-vc99-cgj6-wwxh (x_refsource_CONFIRM)