CVE-2026-11347

Vulnerability Description

The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors (IVs) for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can leverage these vulnerabilities to decrypt sensitive obfuscated strings, including ConnectionString values containing database credentials from appsettings.json.

Vulnerability Details

Published Date

June 05, 2026

Last Modified

June 05, 2026

CWE ID

CWE-321

Source

NVD

Vendor

linqi GmbH

Product

linqi

External References

https://linqi.help/en/reference/security/security-advisories/#security-advisory-hardcoded-cryptographic-keys-and-weak-iv-generation-in-linqi

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment