ByteOS Network

NVD Vulnerability Details :

CVE-2026-45344

Deferred

Source-security-advisories@github.com

Published At-28 May, 2026 | 22:17

Updated At-01 Jun, 2026 | 21:16

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, the setup database configuration flow on uninitialized LinkAce instances accepts attacker-controlled database credential fields and writes them back into .env without escaping. A remote attacker who can reach the setup endpoints and supply a database they control can inject mail configuration variables and achieve command execution when the application later sends mail. This vulnerability is fixed in 2.5.6.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	8.1	HIGH	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 8.1

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses

CWE ID	Type	Source
CWE-74	Secondary	security-advisories@github.com

CWE ID: CWE-74

Type: Secondary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/Kovah/LinkAce/security/advisories/GHSA-37m5-936h-w455	security-advisories@github.com	N/A
https://github.com/Kovah/LinkAce/security/advisories/GHSA-37m5-936h-w455	134c704f-9b21-4f2e-91b3-4a467353bcc0	N/A

Hyperlink: https://github.com/Kovah/LinkAce/security/advisories/GHSA-37m5-936h-w455

Source: security-advisories@github.com

Resource: N/A

Hyperlink: https://github.com/Kovah/LinkAce/security/advisories/GHSA-37m5-936h-w455

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Resource: N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History