CVE-2026-11345 in linqi정보

요약

\~에 의해 MITRE • 2026. 06. 05.

An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers to bypass file access controls. The ValidateAnonFileAccess function incorrectly grants access if an 'AnonFile' query parameter containing exactly 256 characters is provided. While this flaw allows bypassing the intended authorization check, the actual security impact is negligible; the exposed resources are strictly limited to minified JavaScript and CSS files that contain no sensitive data and are already publicly accessible via a standard CDN.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

책임이 있는

Linqi

예약하다

2026. 06. 05.

공개

2026. 06. 05.

모더레이션

수락

항목

VDB-368889

CPE

준비됨

CWE

CWE-287 (확인됨)

CVSS

5.3 (VulDB)

EPSS

0.00000

KEV

아니요

활동

매우 낮음

출처

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-11345
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-11345
CVE Details	https://www.cvedetails.com/cve/CVE-2026-11345/

◂ 이전 개요 다음 ▸

Want to know what is going to be exploited?

We predict KEV entries!