Auth bypass in Kovah Linkace

CVE-2026-45342

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains an Insecure Direct Object Reference vulnerability in the authorization policy layer that allows any authenticated user to modify resources owned by…

Vulnerability class: IDOR (Insecure Direct Object Reference)

EPSS: 0.000 (13.5th percentile) — read the EPSS interpretation.

Affected products

Kovah Linkace — versions < 2.5.6

Weakness classification (CWE)

CWE-639 — Authorization Bypass Through User-Controlled Key

References

security-advisories@github.com (x_refsource_CONFIRM)