216.73.216.169

CVE-2026-11346

· Published 05/06/2026 12:16 · Modified 05/06/2026 16:07

Labels: CVE-2026-11346 2026-06-0586c47df7-7d28-48da-920a-6423c52fd3daCVE-2026-11346CWE-918

Essential information

Published
05/06/2026 12:16
Modified
05/06/2026 16:07
Author
Creator
CVSS
5.3 MEDIUM (v3) 5.3 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A Server-Side Request Forgery (SSRF) vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By crafting a specific process containing an HTTP Request component, an attacker can force the server to send arbitrary HTTP requests. By observing the varying application responses (Success, Failed, or 504 Gateway Time-out), the attacker can determine the status of internal ports, leading to internal network reconnaissance.

NVD status

Status
Deferred — CVE has been recently published to the CVE List and has been received by the NVD.
Source
86c47df7-7d28-48da-920a-6423c52fd3da
NVD
View on NVD

Affected products (CPE)

ProductCPE
linqi / linqi cpe:2.3:a:linqi:linqi:*:*:*:*:*:*:*:*

References