Time Traveling on LinkedIn

Feb 19 2026

I recently accepted a summer internship with KKR and went to update my LinkedIn profile. I went to update my "Experience" section, and was hit with an issue.

LinkedIn Error Message When Selecting Future Date

The UI doesn't allow me to save a future date (since it's February 2026, I can't select June 2026).

Normally, people either wait until the date comes by or simply put "Incoming [Insert Position Here]", but both options are subpar.

1. The "Change Date" Method

I've played a number of mobile games growing up. As a kid, "hacking" these games to get unlimited in-game currency felt like winning the lottery. The jealous looks on your friends faces as you show them your hacked balance was golden.

Here's how it worked: if a game made you wait 24 hours for your daily reward, you could just go into your phone settings, change the date to tomorrow's date, and the game would unlock the reward. In some cases, if you changed the date to a few years into the future, you would receive all the rewards you "missed out on" at once.

Keeping this method in mind, I figured LinkedIn's frontend might only check the local computer time to determine what "Today" is. So, I went into the settings of my computer and set my clock to July 2026 and tried again.

Unfortunately, it didn't work ☹. LinkedIn servers don't care what time my laptop thinks it is, as they most likely use server time to verify it.

2. The "Change Request" Method

Since that didn't work, I decided to fire up Burp Suite to see what was actually being sent to the server.

The error that results from me picking a future date might just be a frontend constraint on the client's side, as in the browser stops me, but the API might not.

I filled out the form with a valid date (Feb 2026) and intercepted the request. Let's take a deeper look at the POST request:

POST /voyager/api/graphql?action=execute HTTP/2
Host: www.linkedin.com
Cookie: [REDACTED]

{
  "variables": {
    "formElementInputs": [
      { "formElementUrn": ".../title)", [TRUNCATED FOR CLARITY]},
      { "formElementUrn": ".../company)", [TRUNCATED FOR CLARITY]},

      {
        "formElementUrn": "urn:li:.../dateRange)",
        "formElementInputValues": [
          {
            "dateRangeInputValue": {
              "start": {
                "year": 2026,
                "month": 2 
              }
            }
      // ... [TRUNCATED FOR CLARITY]

I located the dateRangeInputValue object and changed "month": 2 to "month": 6 (June) and forwarded the request. Success!

3. Pushing the Limits

If I could set the date to June 2026, how far into the future could I actually go? Could I claim to be working at XYZ Company in 2050?

I sent the request to Burp Intruder to fuzz the year parameter. I set the payload positions on the year value and ran an increasing number payload starting from 2026.

The results were interesting. For 2026 and 2027, the response length was consistent around the same number, indicating a successful profile update. However, for 2028 and beyond, there was a significant drop in response length.

This tells us there is some server-side validation. It implies the API accepts dates up to the end of the next year (December 2027), effectively giving us a nearly two-year buffer. Doing the same steps as above, I was able to validate my findings.

4. Conclusion

As of now, my profile successfully shows my internship start date as June 2026, alongside a glitched and negative duration, as shown above.

It’s a harmless bug, but it highlights a golden rule in security: Never trust the client.