XSS in Linkwarden
CVE-2026-42455
Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. In versions 2.14.0 and prior, the archive upload endpoint (POST /api/v1/archives/[linkId]?format=4) accepts HTML files (text…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.000 (10.1th percentile)
Affected products
- Linkwarden — versions <= 2.14.0
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)