NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-11347

Summary	The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors (IVs) for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can leverage these vulnerabilities to decrypt sensitive obfuscated strings, including ConnectionString values containing database credentials from appsettings.json.
Publication Date	June 5, 2026, 8:16 p.m.
Registration Date	June 6, 2026, 4:17 a.m.
Last Update	June 6, 2026, 1:07 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://linqi.help/en/reference/security/security-advisories/#security-advisory-hardcoded-cryptographic-keys-and-weak-iv-generation-in-linqi	86c47df7-7d28-48da-920a-6423c52fd3da

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-338	暗号における脆弱な PRNG の使用	https://cwe.mitre.org/data/definitions/338.html
2	CWE-321	ハードコードされた暗号鍵の使用	https://cwe.mitre.org/data/definitions/321.html