CVE-2024-53326
Unsafe Deserialization in LINQPad Pro
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linqpad | linqpad | to 5.52.01 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-502 | The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2024-53326 is a vulnerability in LINQPad Pro editions before version 5.52.01 involving unsafe deserialization in the method LINQPad.AutoRefManager::PopulateFromCache().
This vulnerability arises because the method deserializes data from a user-writable file in the local application data folder without proper validation, allowing an attacker to craft malicious serialized data.
Exploiting this flaw can lead to arbitrary code execution on the affected system, demonstrated by a proof-of-concept that successfully launched the calculator application (calc.exe).
The vulnerability only affects licensed versions of LINQPad, as the vulnerable code path is triggered only in those installations.
How can this vulnerability impact me? :
If you are using a licensed version of LINQPad prior to 5.52.01 Pro edition, this vulnerability could allow an attacker to execute arbitrary code on your machine.
This means an attacker could potentially run malicious programs, gain unauthorized access, or take control of your system by exploiting the unsafe deserialization flaw.
Such code execution could lead to data theft, system compromise, or further attacks within your environment.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability in LINQPad can be detected by scanning .NET applications for calls to the method BinaryFormatter.Deserialize, which is involved in unsafe deserialization.
A specific approach used by a researcher involved using the tool CerealKiller to identify such calls, which found around 1,500 hits.
Additionally, mapping function calls to identify if LINQPad's PopulateFromCache method is invoked can help detect the vulnerable code path.
Since the vulnerability is triggered only in licensed versions of LINQPad, checking for the presence of a licensed installation is also relevant.
- Use CerealKiller or similar .NET deserialization scanning tools to find calls to BinaryFormatter.Deserialize.
- Inspect the local app data folder for user-writable files that LINQPad might deserialize.
- Verify if LINQPad version is before 5.52.01 Pro edition, as only these versions are vulnerable.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to update LINQPad to version 5.52.01 or later, where the vulnerability has been patched.
If updating immediately is not possible, restrict access to the local app data folder where LINQPad stores user-writable files to prevent tampering.
Avoid running licensed versions of LINQPad on untrusted or exposed systems until patched.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify how the LINQPad deserialization vulnerability (CVE-2024-53326) impacts compliance with common standards and regulations such as GDPR or HIPAA.