CVE Catalog

CVE-2026-44313

Critical
Published: Translated: NVD NIST

Summary

Linkwarden prior to version 2.13.0 had a Server-Side Request Forgery (SSRF) vulnerability in the fetchTitleAndHeaders function that allowed authenticated users to make arbitrary HTTP requests to internal services due to insufficient URL validation.

Risk Assessment

This vulnerability could lead to unauthorized access to internal services, posing a risk of data leakage or system compromise.

Recommendation

It is recommended to update Linkwarden to version 2.13.0 or later to mitigate this vulnerability.

Original NVD description (English source)

Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. Prior to version 2.13.0, a Server-Side Request Forgery (SSRF) vulnerability in the fetchTitleAndHeaders function allows authenticated users to make arbitrary HTTP requests to internal services due to insufficient URL validation that only checks for "http://" or "https://" prefixes. This issue has been patched in version 2.13.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS