CVE-2024-53326
Awaiting Analysis Awaiting Analysis - Queue
Unsafe Deserialization in LINQPad Pro

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: MITRE

Description
LINQPad before 5.52.01 Pro edition is vulnerable to Unsafe Deserialization in LINQPad.AutoRefManager::PopulateFromCache(), leading to code execution.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-08
Last Modified
2026-05-08
Generated
2026-06-19
AI Q&A
2026-05-08
EPSS Evaluated
2026-06-18
NVD
CVE-2024-53326
EUVD
EUVD-2024-55573
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linqpad linqpad to 5.52.01 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-502 The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify how the LINQPad deserialization vulnerability (CVE-2024-53326) impacts compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2024-53326 is a vulnerability in LINQPad Pro editions before version 5.52.01 involving unsafe deserialization in the method LINQPad.AutoRefManager::PopulateFromCache().

This vulnerability arises because the method deserializes data from a user-writable file in the local application data folder without proper validation, allowing an attacker to craft malicious serialized data.

Exploiting this flaw can lead to arbitrary code execution on the affected system, demonstrated by a proof-of-concept that successfully launched the calculator application (calc.exe).

The vulnerability only affects licensed versions of LINQPad, as the vulnerable code path is triggered only in those installations.

Impact Analysis

If you are using a licensed version of LINQPad prior to 5.52.01 Pro edition, this vulnerability could allow an attacker to execute arbitrary code on your machine.

This means an attacker could potentially run malicious programs, gain unauthorized access, or take control of your system by exploiting the unsafe deserialization flaw.

Such code execution could lead to data theft, system compromise, or further attacks within your environment.

Detection Guidance

The vulnerability in LINQPad can be detected by scanning .NET applications for calls to the method BinaryFormatter.Deserialize, which is involved in unsafe deserialization.

A specific approach used by a researcher involved using the tool CerealKiller to identify such calls, which found around 1,500 hits.

Additionally, mapping function calls to identify if LINQPad's PopulateFromCache method is invoked can help detect the vulnerable code path.

Since the vulnerability is triggered only in licensed versions of LINQPad, checking for the presence of a licensed installation is also relevant.

  • Use CerealKiller or similar .NET deserialization scanning tools to find calls to BinaryFormatter.Deserialize.
  • Inspect the local app data folder for user-writable files that LINQPad might deserialize.
  • Verify if LINQPad version is before 5.52.01 Pro edition, as only these versions are vulnerable.
Mitigation Strategies

The primary mitigation step is to update LINQPad to version 5.52.01 or later, where the vulnerability has been patched.

If updating immediately is not possible, restrict access to the local app data folder where LINQPad stores user-writable files to prevent tampering.

Avoid running licensed versions of LINQPad on untrusted or exposed systems until patched.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-53326. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart