216.73.217.172

CVE-2026-11347

· Published 05/06/2026 11:16 · Modified 05/06/2026 16:07

Labels: CVE-2026-11347 2026-06-0586c47df7-7d28-48da-920a-6423c52fd3daCVE-2026-11347CWE-321

Essential information

Published
05/06/2026 11:16
Modified
05/06/2026 16:07
Author
Creator
CVSS
8.5 HIGH (v3) 8.5 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors (IVs) for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can leverage these vulnerabilities to decrypt sensitive obfuscated strings, including ConnectionString values containing database credentials from appsettings.json.

NVD status

Status
Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
Source
86c47df7-7d28-48da-920a-6423c52fd3da
NVD
View on NVD

Affected products (CPE)

ProductCPE
linqi / linqi cpe:2.3:a:linqi:linqi:*:*:*:*:*:*:*:*

References