CVE-2026-11347
Hardcoded Cryptographic Keys and Weak IV Generation in linqi
Publication date: 2026-06-05
Last updated on: 2026-06-05
Assigner: 86c47df7-7d28-48da-920a-6423c52fd3da
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linqi | linqi_onpremise | to 1.4.8.6 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-321 | The product uses a hard-coded, unchangeable cryptographic key. |
| CWE-338 | The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability in linqi involves hardcoded cryptographic keys and weak IV generation for AES/CBC encryption, which can lead to the decryption of sensitive information such as database credentials. This exposure of sensitive data can negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require strong protection of personal and sensitive data to prevent unauthorized access.
Specifically, the ability for an attacker with local access to decrypt sensitive configuration data increases the risk of data breaches, which may result in non-compliance with data protection requirements and could lead to legal and financial consequences under these regulations.
Can you explain this vulnerability to me?
CVE-2026-11347 is a high-severity vulnerability in the linqi OnPremise application versions prior to 1.4.8.6. It involves the use of hardcoded cryptographic keys and a weak algorithm that generates Initialization Vectors (IVs) with a limited ASCII charset for AES/CBC encryption. This weak IV generation makes known-plaintext attacks feasible.
An attacker with local access to the system can exploit these weaknesses to decrypt sensitive obfuscated strings, such as ConnectionString values containing database credentials stored in appsettings.json.
How can this vulnerability impact me? :
This vulnerability can lead to unauthorized decryption of sensitive information, including database credentials, if an attacker gains local access to the affected system.
Such exposure can compromise the confidentiality and integrity of your data and systems, potentially allowing attackers to access databases or other protected resources.
Because the cryptographic protections are weakened, attackers can bypass encryption safeguards, increasing the risk of data breaches.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying the presence of hardcoded cryptographic keys and weak IV generation algorithms in the linqi OnPremise application binaries or source code.
You can check the version of the linqi OnPremise application installed on your system to see if it is prior to 1.4.8.6, which is vulnerable.
Commands to detect the vulnerability might include:
- Check the installed version of linqi OnPremise: `linqi --version` or check the application metadata.
- Search binaries or source code for hardcoded cryptographic keys using grep or strings, e.g., `strings linqi_binary | grep -i key`.
- Look for weak IV generation patterns in the code if source code is available.
What immediate steps should I take to mitigate this vulnerability?
The primary immediate mitigation step is to update the linqi OnPremise application to version 1.4.8.6 or later, where this vulnerability has been fully resolved.
Until the update can be applied, restrict local access to the system to trusted users only, as the attack requires local access.
Review and rotate any potentially exposed database credentials found in appsettings.json or other configuration files.