CVE-2026-7502

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

5.4 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L                                    

Vulnerability Description

A security vulnerability has been detected in LinkStackOrg LinkStack up to 4.8.6. The affected element is the function saveLink of the file app/Http/Controllers/UserController.php of the component Management Endpoint. The manipulation leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The pull request to fix this issue awaits acceptance.

Vulnerability Details

Published Date

April 30, 2026

Last Modified

April 30, 2026

CWE ID

CWE-285

Source

NVD

External References

https://github.com/LinkStackOrg/LinkStack/
https://github.com/LinkStackOrg/LinkStack/pull/975
https://github.com/LinkStackOrg/LinkStack/pull/975#issuecomment-4224234970
https://github.com/az10b/security-advisories/blob/main/idor_linkstack.md
https://vuldb.com/submit/801787
https://vuldb.com/vuln/360312
https://vuldb.com/vuln/360312/cti

CVE-2026-7502

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment