CVE 8.5 HIGH

Hardcoded Cryptographic Keys and Weak IV Generation in Linqi Application_CVE-2026-11347

June 5, 2026 invoker category_cve

8.5 / 10

HIGH

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors (IVs) for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can leverage these vulnerabilities to decrypt sensitive obfuscated strings, including ConnectionString values containing database credentials from appsettings.json.

AI Analysis

Hardcoded cryptographic keys and weak IV generation in the linqi application allow for known-plaintext attacks and decryption of sensitive data.

Basic Information

ID CVE-2026-11347

Source linqi

Published Jun 5, 2026 at 10:18

Affected Product

Vendor linqi GmbH

Product linqi

Affected Versions linqi GmbH linqi 0

CWE Classification

CWE-321 CWE-338

AI Assessment

AI Score 8.5 / 10

AI Severity High

Vendor linqi GmbH

Product linqi

References

linqi.help /en/reference/security/security-advisories/

{
    "lastseen": "",
    "description": "The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors (IVs) for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can leverage these vulnerabilities to decrypt sensitive obfuscated strings, including ConnectionString values containing database credentials from appsettings.json.",
    "published": "2026-06-05T10:18:35.703Z",
    "modified": "2026-06-05T10:18:35.703Z",
    "type": "cve",
    "title": "Hardcoded Cryptographic Keys and Weak IV Generation in Linqi Application",
    "source": "linqi",
    "references": "https://linqi.help/en/reference/security/security-advisories/#security-advisory-hardcoded-cryptographic-keys-and-weak-iv-generation-in-the-linqi-application",
    "id": "CVE-2026-11347",
    "bulletinFamily": "",
    "cwe": [
        "CWE-321",
        "CWE-338"
    ],
    "cvelist": null,
    "sourceData": "linqi GmbH linqi 0",
    "sourceHref": "",
    "cvss": {
        "score": 8.5,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "linqi",
    "version": "0",
    "vendor": "linqi GmbH",
    "ai_description": "Hardcoded cryptographic keys and weak IV generation in the linqi application allow for known-plaintext attacks and decryption of sensitive data.",
    "ai_severity": "High",
    "ai_vendor": "linqi GmbH",
    "ai_product": "linqi",
    "ai_version": "0",
    "ai_score": 8.5
}

💭 Join the Security Discussion ❌ Cancel Reply