Linkwarden SSRF Vulnerability (CVE-2026-44313) Allows Internal Network Access
A critical Server-Side Request Forgery (SSRF) vulnerability, identified as CVE-2026-44313, has been discovered in Linkwarden, the self-hosted open-source collaborative bookmark manager. The National Vulnerability Database reports that prior to version 2.13.0, the fetchTitleAndHeaders function suffered from insufficient URL validation. This flaw allowed authenticated users to craft arbitrary HTTP requests to internal services, bypassing typical network segmentation.
The vulnerability stems from a simplistic URL validation that only checked for http:// or https:// prefixes, failing to properly sanitize or restrict requests to internal IP ranges or non-public resources. With a CVSS score of 9.1 (Critical), this issue presents a significant risk, enabling attackers to probe internal networks, access sensitive services, or potentially pivot to other systems from within the compromised Linkwarden instance.
Linkwarden users running versions prior to 2.13.0 are directly affected. This SSRF allows an attacker, once authenticated, to map out internal infrastructure or interact with services not intended for external exposure. The National Vulnerability Database confirms this issue has been patched in version 2.13.0, making immediate upgrade the primary mitigation.
What This Means For You
- If your organization uses Linkwarden, you need to verify your version immediately. An authenticated attacker can leverage CVE-2026-44313 to scan your internal network and access services that should never be internet-facing. This isn't just about data theft; it's about gaining a beachhead for further lateral movement. Patch to version 2.13.0 or higher without delay.
Related ATT&CK Techniques
🛡️ Detection Rules
3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. One of them is shown below as Sigma YAML.
CVE-2026-44313 - Linkwarden SSRF to Internal Network Access
```yaml
title: CVE-2026-44313 - Linkwarden SSRF to Internal Network Access
id: scw-2026-05-09-ai-1
status: experimental
level: critical
description: |
  Detects requests to the Linkwarden endpoint backed by the fetchTitleAndHeaders
  function (CVE-2026-44313) that carry a 'url=' parameter. Before version 2.13.0
  this function only checked the http:// or https:// prefix of the URL, so such a
  request may be an attempt to reach internal network resources.
author: SCW Feed Engine (AI-generated)
date: 2026-05-09
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-44313/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: webserver
detection:
  selection:
    cs-uri|contains:
      - '/api/v1/fetchTitleAndHeaders'
    cs-uri-query|contains:
      - 'url='
  condition: selection
falsepositives:
  - Legitimate administrative activity
  - Normal link creation: every legitimate call to this endpoint carries a 'url='
    parameter, so this rule alone matches routine use. Reduce noise by inspecting the
    'url=' value for private, loopback or link-local destinations, or by alerting on
    unusual request volume from a single account.
```
Source: Shimi's Cyber World
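The advisory describes the root cause (a check that accepts anything starting with http:// or https://) and the Sigma rule above detects the endpoint but not the destination. The example below, added here and not taken from Linkwarden's source or from the original post, reconstructs the flawed prefix check, puts a hardened validator beside it (scheme allow-list, no embedded credentials, hostname resolution, private/loopback/link-local screening for IPv4, IPv6 and IPv4-mapped addresses), and reuses that validator to post-filter web server log lines so that only requests whose url= target would be rejected are flagged. The log format, hostnames, addresses and the static DNS table are constructed for the demo; the Linkwarden endpoint path is the one from the Sigma rule.

```typescript
import { isIP } from "node:net";

// Reconstruction of the flawed check as the advisory describes it (not Linkwarden's
// actual source): anything beginning with http:// or https:// passes.
export function prefixOnlyCheck(raw: string): boolean {
  return raw.startsWith("http://") || raw.startsWith("https://");
}

// True for addresses an outbound fetcher must never contact on a user's behalf.
// Fails closed: a value that is not a literal IP is reported as internal, so the
// caller has to resolve hostnames before asking.
export function isInternalAddress(ip: string): boolean {
  const version = isIP(ip);
  if (version === 4) {
    const [a, b] = ip.split(".").map(Number);
    return (
      a === 0 || a === 10 || a === 127 ||        // this-network, 10/8, loopback
      (a === 100 && b >= 64 && b <= 127) ||      // 100.64/10 shared address space
      (a === 169 && b === 254) ||                // 169.254/16 link-local
      (a === 172 && b >= 16 && b <= 31) ||       // 172.16/12
      (a === 192 && b === 168) ||                // 192.168/16
      a >= 224                                   // multicast, reserved, broadcast
    );
  }
  if (version === 6) {
    const v6 = ip.toLowerCase();
    const mapped = v6.match(/^::ffff:(\d+\.\d+\.\d+\.\d+)$/); // IPv4-mapped IPv6
    if (mapped) return isInternalAddress(mapped[1]);
    return (
      v6 === "::1" || v6 === "::" ||             // loopback, unspecified
      /^fe[89ab]/.test(v6) ||                    // fe80::/10 link-local
      /^f[cd]/.test(v6)                          // fc00::/7 unique local
    );
  }
  return true;
}

export type Resolver = (hostname: string) => Promise<string[]>;
export interface Verdict { ok: boolean; reason?: string; addresses?: string[] }

// Hardened replacement for the prefix check: parse, allow-list the scheme, reject
// embedded credentials and localhost, then resolve and screen every address.
export async function validateOutboundUrl(raw: string, resolve: Resolver): Promise<Verdict> {
  let url: URL;
  try { url = new URL(raw); } catch { return { ok: false, reason: "unparseable URL" }; }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { ok: false, reason: `scheme ${url.protocol} not allowed` };
  }
  if (url.username || url.password) return { ok: false, reason: "credentials in URL" };
  // WHATWG parsing already normalises shorthand such as 127.1 to 127.0.0.1;
  // IPv6 literals come back bracketed, so strip the brackets before isIP().
  const host = url.hostname.replace(/^\[|\]$/g, "");
  if (host === "localhost" || host.endsWith(".localhost")) return { ok: false, reason: "localhost" };
  const addresses = isIP(host) ? [host] : await resolve(host);
  if (addresses.length === 0) return { ok: false, reason: "hostname did not resolve" };
  const internal = addresses.find(isInternalAddress);
  if (internal) return { ok: false, reason: `resolves to internal address ${internal}`, addresses };
  return { ok: true, addresses };
}

// Detection counterpart of the Sigma rule: the rule fires on every url= request to the
// endpoint; this pass keeps only those whose url= target the validator would reject.
// Constructed W3C-style layout: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
export async function flagSuspiciousRequests(lines: string[], resolve: Resolver): Promise<string[]> {
  const hits: string[] = [];
  for (const line of lines) {
    const f = line.trim().split(/\s+/);
    if (f.length < 7 || !f[4].includes("/api/v1/fetchTitleAndHeaders")) continue;
    const target = new URLSearchParams(f[5]).get("url");
    if (!target) continue;
    const verdict = await validateOutboundUrl(target, resolve);
    if (!verdict.ok) hits.push(`${f[2]} -> ${target} (${verdict.reason})`);
  }
  return hits;
}

// Constructed demo data: hostnames, addresses and the DNS table are placeholders.
export const DEMO_DNS: Record<string, string[]> = {
  "example.com": ["93.184.216.34"],
  "intranet.corp": ["10.0.0.5"],
};
export const demoResolver: Resolver = async (host) => DEMO_DNS[host] ?? [];
export const SAMPLE_LOG = [
  "2026-05-09 03:16:01 203.0.113.7 GET /api/v1/fetchTitleAndHeaders url=http%3A%2F%2Fexample.com%2F 200",
  "2026-05-09 03:16:05 203.0.113.7 GET /api/v1/fetchTitleAndHeaders url=http%3A%2F%2F10.0.0.5%2F 200",
  "2026-05-09 03:16:09 203.0.113.9 GET /api/v1/fetchTitleAndHeaders url=http%3A%2F%2Fintranet.corp%2F 200",
  "2026-05-09 03:16:12 203.0.113.9 GET /api/v1/links - 200",
];

flagSuspiciousRequests(SAMPLE_LOG, demoResolver).then((hits) => console.log(hits));
```

Two caveats for anyone adapting this. Validating at submission time and connecting later leaves a window for a changing DNS answer, so production code should pin the screened addresses into the HTTP client (for example through a custom lookup) and re-apply the same screen to every redirect target. And the log filter inherits the resolver's view: run it with the same resolver the application uses, or historical matches for hostnames that have since changed will be misjudged.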
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-44313 | SSRF | Linkwarden < 2.13.0 |
| CVE-2026-44313 | SSRF | Vulnerable function: fetchTitleAndHeaders |
| CVE-2026-44313 | SSRF | Insufficient URL validation (only checks for 'http://' or 'https://' prefixes) |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 09, 2026 at 03:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.