Description
Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. Prior to version 2.13.0, a Server-Side Request Forgery (SSRF) vulnerability in the fetchTitleAndHeaders function allows authenticated users to make arbitrary HTTP requests to internal services due to insufficient URL validation that only checks for "http://" or "https://" prefixes. This issue has been patched in version 2.13.0.
Published: 2026-05-08
Score: 9.1 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Linkwarden’s fetchTitleAndHeaders function validates URLs only by checking for a "http://" or "https://" prefix. Because the remaining part of the URL is not inspected, an authenticated user can supply any URL, including internal or localhost addresses. The server then performs an outbound HTTP request to that address, allowing the attacker to reach internal services and potentially expose sensitive data or interact with internal endpoints. This flaw qualifies as a Server‑Side Request Forgery (SSRF).
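An added example, not Linkwarden's code, contrasting the prefix-only check described above with a stricter validator (the names weakCheck and strictCheck are hypothetical) that parses the URL and refuses loopback, private and link-local literals. It covers address literals and the localhost name only; names that resolve to such addresses, and redirect targets, need the same check when the fetch is actually made.

```typescript
// Added example, not Linkwarden's code; weakCheck/strictCheck are hypothetical names.

// The check the advisory describes: only the scheme prefix is inspected, so
// "http://127.0.0.1/" or "http://10.0.0.5/" pass exactly like a public site.
function weakCheck(url: string): boolean {
  return url.startsWith("http://") || url.startsWith("https://");
}

function parseUrl(url: string): URL | null {
  try { return new URL(url); } catch { return null; }
}

// IPv4 literals the server must never fetch from. The WHATWG parser behind
// new URL() already canonicalises decimal/octal/hex hosts ("2130706433" ->
// "127.0.0.1"), so a dotted-quad check on parsed.hostname is sufficient here.
function isBlockedIpv4(host: string): boolean {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(host);
  if (!m) return false;
  const a = Number(m[1]), b = Number(m[2]);
  return (
    a === 0 ||                           // "this" network
    a === 10 ||                          // RFC 1918
    a === 127 ||                         // loopback
    (a === 169 && b === 254) ||          // link-local
    (a === 172 && b >= 16 && b <= 31) || // RFC 1918
    (a === 192 && b === 168)             // RFC 1918
  );
}

// IPv6 literals (URL.hostname keeps the brackets) that are local or IPv4-mapped.
function isBlockedIpv6(host: string): boolean {
  const v6 = host.slice(1, -1);
  return v6 === "::" || v6 === "::1" || /^(fe80|fc|fd)/.test(v6) || v6.startsWith("::ffff:");
}

// Stricter check: parse, pin the scheme, refuse embedded credentials, refuse
// loopback/private/link-local literals and the localhost name. Names that
// resolve to such addresses, and redirect targets, need the same check at fetch time.
function strictCheck(url: string): boolean {
  const parsed = parseUrl(url);
  if (!parsed) return false;
  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") return false;
  if (parsed.username !== "" || parsed.password !== "") return false;
  const host = parsed.hostname.toLowerCase();
  if (host === "" || host === "localhost" || host.endsWith(".localhost")) return false;
  if (host.startsWith("[")) return !isBlockedIpv6(host);
  return !isBlockedIpv4(host);
}
```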

Affected Systems

The vulnerability is present in all releases of the self‑hosted Linkwarden bookmark manager prior to version 2.13.0. The issue was fixed in the 2.13.0 release; no other affected versions are documented.

Risk and Exploitability

The CVSS score of 9.1 classifies the vulnerability as Critical. EPSS is not available and the vulnerability is not listed in CISA’s KEV catalog. Exploitation requires the attacker to be authenticated to the application so that they can submit a malicious URL to the vulnerable endpoint. Once authenticated, the attacker can direct the server to any address reachable from the hosting environment, making the attack straightforward in configurations where the application can reach internal services.

Generated by OpenCVE AI on May 9, 2026 at 01:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Linkwarden to version 2.13.0 or later to obtain the fixed URL validation code.
  • If an upgrade cannot be performed immediately, temporarily disable or remove the fetchTitleAndHeaders feature so that the server no longer fetches user-supplied URLs.
  • Restrict the creation of new links or the use of the title-fetch feature to trusted user roles, or apply role-based access control to limit who can invoke the vulnerable endpoint.
  • Segment the network so that the application cannot reach internal services, reducing the impact of any successful SSRF attempt.
  • Regularly consult the Linkwarden project website or security advisories for new updates and apply them as soon as possible.


Advisories

No advisories yet.

History

Fri, 08 May 2026 23:30:00 +0000

Type | Values Removed | Values Added
Description |  | Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. Prior to version 2.13.0, a Server-Side Request Forgery (SSRF) vulnerability in the fetchTitleAndHeaders function allows authenticated users to make arbitrary HTTP requests to internal services due to insufficient URL validation that only checks for "http://" or "https://" prefixes. This issue has been patched in version 2.13.0.
Title |  | LinkWarden: Server-Side Request Forgery (SSRF) in Link Creation via fetchTitleAndHeaders Function
Weaknesses |  | CWE-918
References |  | 
Metrics |  | cvssV3_1 {'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-08T23:08:42.424Z

Reserved: 2026-05-05T19:00:06.022Z

Link: CVE-2026-44313

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-09T00:16:29.373

Modified: 2026-05-09T00:16:29.373

Link: CVE-2026-44313

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-09T02:00:19Z

Weaknesses