The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors (IVs) for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can leverage these vulnerabilities to decrypt sensitive obfuscated strings, including ConnectionString values containing database credentials from appsettings.json.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions
linqi GmbH linqi unaffected
Version Status Constraints
0 affected ≤ 1.4.8.5

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors Products
Linqi Subscribe
Linqi Subscribe

Project Subscriptions

Vendors Products
Linqi Subscribe
Linqi Subscribe
Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
https://linqi.help/en/reference/security/security-advisories/#security-advisory-hardcoded-cryptographic-keys-and-weak-iv-generation-in-linqi cve-icon
https://linqi.help/en/reference/security/security-advisories/#security-advisory-hardcoded-cryptographic-keys-and-weak-iv-generation-in-the-linqi-application cve-icon
History

Fri, 05 Jun 2026 12:45:00 +0000

Type Values Removed Values Added
Title Hardcoded Cryptographic Keys and Weak IV Generation in Linqi Application Hardcoded Cryptographic Keys and Weak IV Generation in linqi
References

Fri, 05 Jun 2026 11:45:00 +0000

Type Values Removed Values Added
First Time appeared Linqi
Linqi linqi
Vendors & Products Linqi
Linqi linqi

Fri, 05 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
Description The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors (IVs) for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can leverage these vulnerabilities to decrypt sensitive obfuscated strings, including ConnectionString values containing database credentials from appsettings.json.
Title Hardcoded Cryptographic Keys and Weak IV Generation in Linqi Application
Weaknesses CWE-321
CWE-338
References
Metrics cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: linqi

Published:

Updated: 2026-06-05T11:51:48.757Z

Reserved: 2026-06-05T08:52:47.208Z

Link: CVE-2026-11347

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-05T11:16:34.627

Modified: 2026-06-05T11:16:34.627

Link: CVE-2026-11347

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T11:30:39Z

Weaknesses