A Server-Side Request Forgery (SSRF) vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By crafting a specific process containing an HTTP Request component, an attacker can force the server to send arbitrary HTTP requests. By observing the varying application responses (Success, Failed, or 504 Gateway Time-out), the attacker [truncated]
CVE-2026-11345 is an Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi. This flaw allows unauthenticated, remote attackers to bypass file access controls by providing an 'AnonFile' query parameter containing exactly 256 characters. However, the actual security impact is negligible as the exposed resources are limited to minified JavaScript and CSS files that contain no sensit [truncated]
CVE-2026-11347 is a HIGH-severity vulnerability in the linqi application. The application contains hardcoded cryptographic keys and uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors (IVs) for AES/CBC encryption. This makes known-plaintext attacks feasible, allowing an attacker with local access to decrypt sensitive obfuscated strings, including ConnectionStr [truncated]