{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-30954","assignerOrgId":"a0819718-46f1-4df5-94e2-005712e83aaa","state":"PUBLISHED","assignerShortName":"GitHub_M","dateReserved":"2026-03-07T17:34:39.981Z","datePublished":"2026-03-10T20:40:31.011Z","dateUpdated":"2026-03-11T14:30:40.687Z"},"containers":{"cna":{"title":"LinkAce has a Cross-User Tag/List Attachment IDOR in processTaxonomy()","problemTypes":[{"descriptions":[{"cweId":"CWE-639","lang":"en","description":"CWE-639: Authorization Bypass Through User-Controlled Key","type":"CWE"}]}],"metrics":[{"cvssV4_0":{"attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N","version":"4.0"}}],"references":[{"name":"https://github.com/Kovah/LinkAce/security/advisories/GHSA-vc99-cgj6-wwxh","tags":["x_refsource_CONFIRM"],"url":"https://github.com/Kovah/LinkAce/security/advisories/GHSA-vc99-cgj6-wwxh"}],"affected":[{"vendor":"Kovah","product":"LinkAce","versions":[{"version":"<= 2.1.0","status":"affected"}]}],"providerMetadata":{"orgId":"a0819718-46f1-4df5-94e2-005712e83aaa","shortName":"GitHub_M","dateUpdated":"2026-03-10T20:40:31.011Z"},"descriptions":[{"lang":"en","value":"LinkAce is a self-hosted archive to collect website links. In 2.1.0 and earlier, the processTaxonomy() method in LinkRepository.php allows authenticated users to attach other users' private tags and lists to their own links by passing integer IDs."}],"source":{"advisory":"GHSA-vc99-cgj6-wwxh","discovery":"UNKNOWN"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-03-11T14:29:50.216265Z","id":"CVE-2026-30954","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-03-11T14:30:40.687Z"}}]}}