ByteOS Network

NVD Vulnerability Details :

CVE-2026-40905

Deferred

Source-security-advisories@github.com

Published At-21 Apr, 2026 | 21:16

Updated At-22 Apr, 2026 | 21:08

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, a password reset poisoning vulnerability was identified in the application due to improper trust of user-controlled HTTP headers. The application uses the X-Forwarded-Host header when generating password reset URLs. By manipulating this header during a password reset request, an attacker can inject an attacker-controlled domain into the reset link sent via email. As a result, the victim receives a password reset email containing a malicious link pointing to an attacker-controlled domain. When the victim clicks the link, the password reset token is transmitted to the attacker-controlled server. An attacker can capture this token and use it to reset the victim’s password, leading to full account takeover. This vulnerability is fixed in 2.5.4.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	8.1	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Type: Secondary

Version: 3.1

Base score: 8.1

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Weaknesses

CWE ID	Type	Source
CWE-601	Primary	security-advisories@github.com

CWE ID: CWE-601

Type: Primary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/Kovah/LinkAce/security/advisories/GHSA-48wv-jpf4-vjfv	security-advisories@github.com	N/A

Hyperlink: https://github.com/Kovah/LinkAce/security/advisories/GHSA-48wv-jpf4-vjfv

Source: security-advisories@github.com

Resource: N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History