Server-Side Request Forgery (SSRF) allowing Internal Network Probing in linqi
CVE-2026-11346

5.3MEDIUM

Key Information:

Vendor: Linqi Gmbh
Status: Linqi
Vendor: CVE Published:; 5 June 2026

What is CVE-2026-11346?

A Server-Side Request Forgery (SSRF) vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By crafting a specific process containing an HTTP Request component, an attacker can force the server to send arbitrary HTTP requests. By observing the varying application responses (Success, Failed, or 504 Gateway Time-out), the attacker can determine the status of internal ports, leading to internal network reconnaissance.

Affected Version(s)

linqi 0 < 1.4.8.6

References

https://linqi.help/en/reference/security/security-advisor...

vendor-advisory

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 5, 2026
Vulnerability Reserved
Jun 5, 2026

Credit

Ianis BERNARD from NATO Cyber Security Centre (NCSC)

CVE-2026-11346 Data

JSON

Linqi Gmbh

What is CVE-2026-11346?

Affected Version(s)

References

CVSS V4

Timeline

Credit