CVE-2026-11345

Published: Giu 05, 2026 Last Modified: Giu 05, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,9

Source: 86c47df7-7d28-48da-920a-6423c52fd3da

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers to bypass file access controls. The ValidateAnonFileAccess function incorrectly grants access if an 'AnonFile' query parameter containing exactly 256 characters is provided. While this flaw allows bypassing the intended authorization check, the actual security impact is negligible; the exposed resources are strictly limited to minified JavaScript and CSS files that contain no sensitive data and are already publicly accessible via a standard CDN.

287

Improper Authentication

Draft

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality Availability Access Control

Potential Impacts:

Read Application Data Gain Privileges Or Assume Identity Execute Unauthorized Code Or Commands

Applicable Platforms

Technologies: Not Technology-Specific, Web Based, ICS/OT

Likelihood of Exploit: High

View CWE Details

https://linqi.help/en/reference/security/security-advisorie…

https://linqi.help/en/reference/security/security-advisories/#security-advisory…

CVE-2026-11345

Description

Improper Authentication

Common Consequences

Applicable Platforms

Iscriviti alla newsletter