CVE-2026-11347
NONE—CVSS v3
—CVSS v2
0.01%
EPSS (exploit probability)
CWE-321CWE
Description
The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors (IVs) for AES/CBC encryption, making known-plaintext attacks feasible. An attacker with local access can leverage these vulnerabilities to decrypt sensitive obfuscated strings, including ConnectionString values containing database credentials from appsettings.json.
Affected routers (0)
No routers currently mapped to this CVE in our database.