Description

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, a password reset poisoning vulnerability was identified in the application due to improper trust of user-controlled HTTP headers. The application uses the X-Forwarded-Host header when generating password reset URLs. By manipulating this header during a password reset request, an attacker can inject an attacker-controlled domain into the reset link sent via email. As a result, the victim receives a password reset email containing a malicious link pointing to an attacker-controlled domain. When the victim clicks the link, the password reset token is transmitted to the attacker-controlled server. An attacker can capture this token and use it to reset the victim’s password, leading to full account takeover. This vulnerability is fixed in 2.5.4.

INFO

Published Date :

2026-04-21T20:02:35.006Z

Last Modified :

2026-04-21T20:35:49.598Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-40905 vulnerability.

Vendors Products
Kovah
  • Linkace
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-40905.

URL Resource
https://github.com/Kovah/LinkAce/security/advisories/GHSA-48wv-jpf4-vjfv cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact