CVE-2026-44313
CriticalSummary
Linkwarden prior to version 2.13.0 had a Server-Side Request Forgery (SSRF) vulnerability in the fetchTitleAndHeaders function that allowed authenticated users to make arbitrary HTTP requests to internal services due to insufficient URL validation.
Risk Assessment
This vulnerability could lead to unauthorized access to internal services, posing a risk of data leakage or system compromise.
Recommendation
It is recommended to update Linkwarden to version 2.13.0 or later to mitigate this vulnerability.
Original NVD description (English source)
Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. Prior to version 2.13.0, a Server-Side Request Forgery (SSRF) vulnerability in the fetchTitleAndHeaders function allows authenticated users to make arbitrary HTTP requests to internal services due to insufficient URL validation that only checks for "http://" or "https://" prefixes. This issue has been patched in version 2.13.0.

