https://feed.craftedsignal.io/tags/linkace/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioFri, 27 Mar 2026 22:16:21 +0000https://feed.craftedsignal.io/briefs/2024-01-linkace-ssrf/Fri, 27 Mar 2026 22:16:21 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2024-01-linkace-ssrf/LinkAce versions prior to 2.5.3 are vulnerable to server-side request forgery (SSRF), allowing an authenticated user to trigger server-side requests to internal services by referencing internal hostnames.<p>LinkAce, a self-hosted archive for collecting website links, is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability in versions prior to 2.5.3. This flaw, identified as CVE-2026-33953, stems from the application&rsquo;s insufficient validation of user-supplied hostnames. Although direct requests to private IP literals are blocked, the application still performs server-side requests to internal resources when referenced through an internal hostname. An authenticated user can exploit this…</p> highadvisoryssrflinkacevulnerability