โ† ุงู„ุนูˆุฏุฉ ู„ู„ุฌุฏูˆู„
CVE-2026-45344
CVE-2026-45344 - LinkAce: Setup database password newline injection enables pre-auth RCE on uninitialized instances
๐Ÿ“… 2026-05-28
๐Ÿ”ด Critical ๐Ÿ”ฅ No MITRE CVE High Exploit Exploit

๐Ÿ“‹ ุงู„ูˆุตู ุงู„ูƒุงู…ู„

CVE ID :CVE-2026-45344 Published : May 28, 2026, 10:17 p.m. | 8ย hours, 7ย minutes ago Description :LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, the setup database configuration flow on uninitialized LinkAce instances accepts attacker-controlled database credential fields and writes them back into .env without escaping. A remote attacker who can reach the

๐Ÿ’ป ุงู„ุฃู†ุธู…ุฉ ุงู„ู…ุชุฃุซุฑุฉ

LinkAce: Setup database

โš ๏ธ ู†ูˆุน ุงู„ุชู‡ุฏูŠุฏ

Exploit

๐Ÿ”— CVE ID

CVE-2026-45344

๐Ÿ“ก ุงู„ู…ุตุฏุฑ

MITRE CVE High

โœ… ุงู„ุญู„ูˆู„ ูˆุงู„ุชุฎููŠู

Refer to CVE-2026-45344 NVD advisory

๐Ÿ”— ุงู„ู…ุตุฏุฑ ุงู„ุฃุตู„ูŠ โ† ๐Ÿ“˜ NVD โ† โšก CISA KEV โ†