CVE-2026-7502 LinkStackOrg LinkStack Management Endpoint UserController.php saveLink authorization

🗓️ 30 Apr 2026 21:15:12Reported by VulDBType

There is an authorization bypass in LinkStack Management Endpoint saveLink; affects up to 4.8.6.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2026-7502	30 Apr 202621:15	–	attackerkb
Circl	CVE-2026-7502	1 May 202602:48	–	circl
CNNVD	LinkStack 授权问题漏洞	30 Apr 202600:00	–	cnnvd
CVE	CVE-2026-7502	30 Apr 202621:15	–	cve
EUVD	EUVD-2026-26449	30 Apr 202621:15	–	euvd
NVD	CVE-2026-7502	30 Apr 202622:16	–	nvd
Positive Technologies	PT-2026-36202	30 Apr 202600:00	–	ptsecurity
RedhatCVE	CVE-2026-7502	5 Jun 202619:50	–	redhatcve
Vulnrichment	CVE-2026-7502 LinkStackOrg LinkStack Management Endpoint UserController.php saveLink authorization	30 Apr 202621:15	–	vulnrichment

[
  {
    "vendor": "LinkStackOrg",
    "product": "LinkStack",
    "versions": [
      {
        "version": "4.8.0",
        "status": "affected"
      },
      {
        "version": "4.8.1",
        "status": "affected"
      },
      {
        "version": "4.8.2",
        "status": "affected"
      },
      {
        "version": "4.8.3",
        "status": "affected"
      },
      {
        "version": "4.8.4",
        "status": "affected"
      },
      {
        "version": "4.8.5",
        "status": "affected"
      },
      {
        "version": "4.8.6",
        "status": "affected"
      }
    ],
    "modules": [
      "Management Endpoint"
    ]
  }
]

Source	Link
github	www.github.com/LinkStackOrg/LinkStack/pull/975
github	www.github.com/LinkStackOrg/LinkStack/pull/975
vuldb	www.vuldb.com/submit/801787
vuldb	www.vuldb.com/vuln/360312
github	www.github.com/az10b/security-advisories/blob/main/idor_linkstack.md
github	www.github.com/LinkStackOrg/LinkStack/
vuldb	www.vuldb.com/vuln/360312/cti

30 Apr 2026 21:15Current

CVSS 45.3

CVSS 3.15.4

CVSS 35.4

CVSS 25.5

EPSS0.00055