CVE-2026-7502

Source
https://cve.org/CVERecord?id=CVE-2026-7502
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-7502.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-7502
Published
2026-04-30T21:15:12.518Z
Modified
2026-07-15T01:49:07.843675597Z
Severity
  • 2.1 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
LinkStackOrg LinkStack Management Endpoint UserController.php saveLink authorization
Details

A security vulnerability has been detected in LinkStackOrg LinkStack up to 4.8.6. The affected element is the function saveLink of the file app/Http/Controllers/UserController.php of the component Management Endpoint. The manipulation leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The pull request to fix this issue awaits acceptance.

Database specific
{
    "cwe_ids": [
        "CWE-285",
        "CWE-639"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/7xxx/CVE-2026-7502.json",
    "cna_assigner": "VulDB"
}
References

Affected packages

Git / github.com/linkstackorg/linkstack

Affected ranges

Type
GIT
Repo
https://github.com/linkstackorg/linkstack
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "4.8.0"
        },
        {
            "last_affected": "4.8.0"
        },
        {
            "introduced": "4.8.1"
        },
        {
            "last_affected": "4.8.1"
        },
        {
            "introduced": "4.8.2"
        },
        {
            "last_affected": "4.8.2"
        },
        {
            "introduced": "4.8.3"
        },
        {
            "last_affected": "4.8.3"
        },
        {
            "introduced": "4.8.4"
        },
        {
            "last_affected": "4.8.4"
        },
        {
            "introduced": "4.8.5"
        },
        {
            "last_affected": "4.8.5"
        },
        {
            "introduced": "4.8.6"
        },
        {
            "last_affected": "4.8.6"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

4.*
4.8.0
4.8.1
4.8.2
4.8.3
4.8.4
4.8.5
4.8.6
v4.*
v4.8.0
v4.8.1
v4.8.2
v4.8.3
v4.8.4
v4.8.5
v4.8.6

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-7502.json"