PatchSiren cyber security CVE debrief
CVE-2026-11346 linqi GmbH CVE debrief
A Server-Side Request Forgery (SSRF) vulnerability in the custom process creation feature of Linqi allows an authenticated attacker to probe internal network components. By crafting a specific process containing an HTTP Request component, an attacker can force the server to send arbitrary HTTP requests. By observing the varying application responses (Success, Failed, or 504 Gateway Time-out), the attacker can determine the status of internal ports, leading to internal network reconnaissance.
- Vendor
- linqi GmbH
- Product
- linqi
- CVSS
- MEDIUM 5.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-05
- Original CVE updated
- 2026-06-05
- Advisory published
- 2026-06-05
- Advisory updated
- 2026-06-05
Who should care
Users of Linqi who have enabled the custom process creation feature should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability has a CVSS score of 5.3 and is classified as MEDIUM severity. It can be exploited by an authenticated attacker with low privileges.
Defensive priority
MEDIUM
Recommended defensive actions
- Apply patches or updates provided by the vendor to fix the vulnerability.
- Restrict access to the custom process creation feature to only trusted users.
- Monitor internal network components for unusual activity.
Evidence notes
The CVE record was published on 2026-06-05T12:16:37.597Z and modified on 2026-06-05T16:07:31.547Z. The vulnerability is tracked under CWE-918.
Official resources
-
CVE-2026-11346 CVE record
CVE.org
-
CVE-2026-11346 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
86c47df7-7d28-48da-920a-6423c52fd3da
CVE-2026-11346 was published on 2026-06-05T12:16:37.597Z.