CVE-2026-7502

EUVD-2026-26449
A security vulnerability has been detected in LinkStackOrg LinkStack up to 4.8.6. The affected element is the function saveLink of the file app/Http/Controllers/UserController.php of the component Management Endpoint. The manipulation leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The pull request to fix this issue awaits acceptance.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.4 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 12.86%
Common Weakness Enumeration
References
https://github.com/LinkStackOrg/LinkStack/
https://github.com/LinkStackOrg/LinkStack/pull/975
https://github.com/LinkStackOrg/LinkStack/pull/975#issuecomment-4224234970
https://github.com/az10b/security-advisories/blob/main/idor_linkstack.md
https://vuldb.com/submit/801787
https://vuldb.com/vuln/360312
https://vuldb.com/vuln/360312/cti