CVE-2026-11346
Deferred Deferred - Pending Action
SSRF in linqi via Custom Process Creation

Publication date: 2026-06-05

Last updated on: 2026-06-05

Assigner: 86c47df7-7d28-48da-920a-6423c52fd3da

Description
A Server-Side Request Forgery (SSRF) vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By crafting a specific process containing an HTTP Request component, an attacker can force the server to send arbitrary HTTP requests. By observing the varying application responses (Success, Failed, or 504 Gateway Time-out), the attacker can determine the status of internal ports, leading to internal network reconnaissance.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-05
Last Modified
2026-06-05
Generated
2026-06-25
AI Q&A
2026-06-05
EPSS Evaluated
2026-06-24
NVD
CVE-2026-11346
EUVD
EUVD-2026-34825
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
linqi onpremise to 1.4.8.6 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-918 The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a Server-Side Request Forgery (SSRF) in the custom process creation feature of linqi. An authenticated attacker can create a process that includes an HTTP Request component, causing the server to send arbitrary HTTP requests. By analyzing the server's responses, such as Success, Failed, or 504 Gateway Time-out, the attacker can infer the status of internal network ports, effectively performing internal network reconnaissance.

Detection Guidance

This vulnerability involves an authenticated attacker crafting a specific process with an HTTP Request component to force the server to send arbitrary HTTP requests and observe application responses to probe internal network components.

Detection would involve monitoring for unusual or unauthorized process creation requests that include HTTP components, as well as analyzing server logs for patterns of HTTP requests that could indicate internal network probing.

However, no specific commands or detection tools are provided in the available information.

Mitigation Strategies

The vulnerability allows an authenticated attacker to perform SSRF by creating processes with HTTP Request components to probe internal network ports.

Immediate mitigation steps would generally include restricting or validating the creation of custom processes that can send HTTP requests, implementing strict access controls, and monitoring for suspicious activity related to process creation.

No specific mitigation instructions or patches are provided in the available information.

Compliance Impact

The provided information does not specify how the SSRF vulnerability in linqi impacts compliance with common standards and regulations such as GDPR or HIPAA.

Impact Analysis

The vulnerability allows an authenticated attacker to probe internal network components by sending arbitrary HTTP requests from the server. This can lead to unauthorized internal network reconnaissance, potentially exposing sensitive internal services or infrastructure details that could be leveraged for further attacks.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-11346. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart