Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
LinkAce: Authenticated Users Can Access Private Tags and Lists
CVE-2026-30954
Summary
Authenticated users can access private tags and lists from other users in LinkAce versions 2.1.0 and earlier. This can compromise the privacy of users who share links and tags. Update to version 2.1.1 or later to fix this issue.
Original title
LinkAce is a self-hosted archive to collect website links. In 2.1.0 and earlier, the processTaxonomy() method in LinkRepository.php allows authenticated users to attach other users' private tags an...
Original description
LinkAce is a self-hosted archive to collect website links. In 2.1.0 and earlier, the processTaxonomy() method in LinkRepository.php allows authenticated users to attach other users' private tags and lists to their own links by passing integer IDs.
nvd CVSS4.0
5.3
Vulnerability type
CWE-639
Authorization Bypass Through User-Controlled Key
Published: 10 Mar 2026 · Updated: 14 Mar 2026 · First seen: 10 Mar 2026