CVE-2026-11347

The linqi application contains hardcoded cryptographic keys

Published: 2026-06-05 · Last updated: 2026-06-05

Severity and scoring

CWE
CWE-321, CWE-338

Description

The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors (IVs) for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can leverage these vulnerabilities to decrypt sensitive obfuscated strings, including ConnectionString values containing database credentials from appsettings.json.

Source: NVD

References

Related CVEs

Same CWE

  • CVE-2026-11505 A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x (5.0 MEDIUM)
  • CVE-2026-46493 HAX CMS helps manage microsite universe with PHP or NodeJs backends (7.5 HIGH)
  • CVE-2026-46395 HAX CMS helps manage microsite universe with PHP or NodeJs backends
  • CVE-2026-45433 This vulnerability exists in GX Earth 2022 ONT models due to the presence of hardcoded RSA private key within the device firmware
  • CVE-2026-50226 Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers (5.3 MEDIUM)