{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/linkace/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["ssrf","linkace","vulnerability"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eLinkAce, a self-hosted archive for collecting website links, is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability in versions prior to 2.5.3. This flaw, identified as CVE-2026-33953, stems from the application\u0026rsquo;s insufficient validation of user-supplied hostnames. Although direct requests to private IP literals are blocked, the application still performs server-side requests to internal resources when referenced through an internal hostname. An authenticated user can exploit this…\u003c/p\u003e\n","date_modified":"2026-03-27T22:16:21Z","date_published":"2026-03-27T22:16:21Z","id":"/briefs/2024-01-linkace-ssrf/","summary":"LinkAce versions prior to 2.5.3 are vulnerable to server-side request forgery (SSRF), allowing an authenticated user to trigger server-side requests to internal services by referencing internal hostnames.","title":"LinkAce Server-Side Request Forgery Vulnerability (CVE-2026-33953)","url":"https://feed.craftedsignal.io/briefs/2024-01-linkace-ssrf/"}],"language":"en","title":"CraftedSignal Threat Feed — Linkace","version":"https://jsonfeed.org/version/1.1"}