Submit #801787: LinkStackOrg LinkStack 4.8.6 Authorization Bypassinfo

TitleLinkStackOrg LinkStack 4.8.6 Authorization Bypass
DescriptionThe application accepts user-supplied link IDs in multiple endpoints without verifying that the authenticated user owns the referenced link, allowing any registered user to modify, reorder, or delete resources belonging to other users. The pull request with the fix https://github.com/LinkStackOrg/LinkStack/pull/975/changes
Source⚠️ https://github.com/az10b/security-advisories/blob/main/idor_linkstack.md
User
 AliAz (UID 74624)
Submission04/10/2026 07:05 (3 months ago)
Moderation04/30/2026 16:38 (20 days later)
StatusAccepted
VulDB entry360312 [LinkStackOrg LinkStack up to 4.8.6 Management Endpoint UserController.php saveLink authorization]
Points19

Do you know our Splunk app?

Download it now for free!