CVE-2026-11345
Improper Authentication in linqi via AnonFile Parameter
Publication date: 2026-06-05
Last updated on: 2026-06-05
Assigner: 86c47df7-7d28-48da-920a-6423c52fd3da
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linqi | onpremise | up to 1.4.8.6 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-287 | When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This vulnerability does not affect compliance with common standards and regulations such as GDPR or HIPAA because the exposed files contain no sensitive data and are already publicly accessible.
Can you explain this vulnerability to me?
This vulnerability is an Improper Authentication issue in the /api/Cdn/GetFile endpoint of linqi. It allows unauthenticated, remote attackers to bypass file access controls by exploiting the ValidateAnonFileAccess function. This function incorrectly grants access if an 'AnonFile' query parameter containing exactly 256 characters is provided.
However, the security impact is considered negligible because the exposed resources are limited to minified JavaScript and CSS files that contain no sensitive data and are already publicly accessible through a standard Content Delivery Network (CDN).
How can this vulnerability impact me?
The vulnerability allows attackers to bypass authorization checks and access certain files without authentication.
Despite this, the actual impact is minimal since the accessible files are only minified JavaScript and CSS files that do not contain sensitive information and are already publicly available.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Exploitation attempts against the /api/Cdn/GetFile endpoint of linqi can be detected by looking for requests whose 'AnonFile' query parameter is exactly 256 characters long, since that is the length ValidateAnonFileAccess accepts.
To find such attempts, monitor HTTP requests to /api/Cdn/GetFile in web server logs, WAF logs or packet captures and filter for an 'AnonFile' value of length 256.
- Use network monitoring tools or web server logs to search for requests matching the pattern: GET /api/Cdn/GetFile?AnonFile=<256_characters>
- Example command using grep on web server logs (the value is terminated by '&', a space or the closing quote so that only exactly 256 characters match, not 256 or more): grep -E '/api/Cdn/GetFile\?AnonFile=[^& "]{256}([& "]|$)' /var/log/nginx/access.log
- Alternatively, use packet capture tools like tcpdump or Wireshark to filter HTTP GET requests to /api/Cdn/GetFile and inspect the query parameters.
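The same check as a small log scanner, added here as an example (not code from linqi or from this page): it parses the request line of combined-format access log entries, URL-decodes the query the way the server would, and flags only requests whose AnonFile value is exactly 256 characters; the log lines are constructed.

```python
"""Flag /api/Cdn/GetFile requests whose AnonFile query value is exactly 256 characters.
Added example; the sample log lines below are constructed, not from a real deployment."""
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
TARGET_PATH = "/api/Cdn/GetFile"
TRIGGER_LEN = 256  # length that ValidateAnonFileAccess accepts (from the advisory)


def anonfile_lengths(log_line):
    """Return the decoded length of every AnonFile value in a GetFile request, else []."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    parts = urlsplit(m.group("target"))
    if parts.path != TARGET_PATH:
        return []
    # parse_qs percent-decodes values, so we measure what the server sees, not the raw
    # bytes on the wire. Keys are compared case-insensitively (assumption: the framework
    # treats query keys that way, as most do), and empty values are kept.
    lengths = []
    for key, values in parse_qs(parts.query, keep_blank_values=True).items():
        if key.lower() == "anonfile":
            lengths.extend(len(v) for v in values)
    return lengths


def is_suspicious(log_line):
    """True when any AnonFile value has exactly TRIGGER_LEN characters."""
    return any(n == TRIGGER_LEN for n in anonfile_lengths(log_line))


def scan(log_lines):
    """Return (line_number, request_target) for every suspicious log line."""
    hits = []
    for i, line in enumerate(log_lines, 1):
        if is_suspicious(line):
            hits.append((i, REQUEST_RE.search(line).group("target")))
    return hits


# Constructed sample: an exact-256 hit, a 255-character near miss, an unrelated path
SAMPLE_LOG = [
    '203.0.113.10 - - [05/Jun/2026:10:00:01 +0000] "GET /api/Cdn/GetFile?AnonFile=' + "A" * 256 + ' HTTP/1.1" 200 1024',
    '203.0.113.10 - - [05/Jun/2026:10:00:02 +0000] "GET /api/Cdn/GetFile?anonfile=' + "A" * 255 + '&x=1 HTTP/1.1" 401 0',
    '203.0.113.11 - - [05/Jun/2026:10:00:03 +0000] "GET /static/app.min.js HTTP/1.1" 200 40000',
]

if __name__ == "__main__":
    for lineno, target in scan(SAMPLE_LOG):
        print(f"line {lineno}: {target[:60]}...")
```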
What immediate steps should I take to mitigate this vulnerability?
Since the vulnerability allows bypassing file access controls via a specific 'AnonFile' query parameter, immediate mitigation steps include monitoring and restricting access to the /api/Cdn/GetFile endpoint.
Given the exposed resources are limited to publicly accessible minified JavaScript and CSS files with no sensitive data, the security impact is negligible.
- Implement web application firewall (WAF) rules to block requests with an 'AnonFile' parameter of exactly 256 characters.
- Restrict access to the /api/Cdn/GetFile endpoint to trusted users or IP addresses if possible.
- Monitor logs for suspicious requests and investigate any unusual activity.