CVE-2026-11346: CWE-918 Server-Side Request Forgery (SSRF) in linqi GmbH linqi
A Server-Side Request Forgery (SSRF) vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By crafting a specific process containing an HTTP Request component, an attacker can force the server to send arbitrary HTTP requests. By observing the varying application responses (Success, Failed, or 504 Gateway Time-out), the attacker can determine the status of internal ports, leading to internal network reconnaissance.
AI Analysis
Technical Summary
This vulnerability (CVE-2026-11346) involves SSRF in linqi's custom process creation feature. Authenticated users can create processes that include HTTP requests, which the server executes. By observing the server's response codes (Success, Failed, or 504 Gateway Time-out), attackers can infer the status of internal network ports and services, facilitating internal network mapping. The CVSS 4.0 vector indicates network attack vector, low complexity, no user interaction, and low impact on confidentiality, integrity, and availability. No patch or official remediation level has been disclosed by the vendor, and the product is not a cloud service.
Potential Impact
The impact is limited to internal network reconnaissance by authenticated attackers. The vulnerability does not directly allow data exfiltration or code execution but can aid attackers in mapping internal network infrastructure. There are no known exploits in the wild, and the vulnerability requires authentication, which limits exposure.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict authenticated user privileges to prevent unauthorized process creation or HTTP request crafting. Monitor for unusual internal network scanning activity initiated from the application. No official patch or temporary fix has been announced by the vendor at this time.
CVE-2026-11346: CWE-918 Server-Side Request Forgery (SSRF) in linqi GmbH linqi
Description
A Server-Side Request Forgery (SSRF) vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By crafting a specific process containing an HTTP Request component, an attacker can force the server to send arbitrary HTTP requests. By observing the varying application responses (Success, Failed, or 504 Gateway Time-out), the attacker can determine the status of internal ports, leading to internal network reconnaissance.
CVSS v4.0
Score 5.3medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability (CVE-2026-11346) involves SSRF in linqi's custom process creation feature. Authenticated users can create processes that include HTTP requests, which the server executes. By observing the server's response codes (Success, Failed, or 504 Gateway Time-out), attackers can infer the status of internal network ports and services, facilitating internal network mapping. The CVSS 4.0 vector indicates network attack vector, low complexity, no user interaction, and low impact on confidentiality, integrity, and availability. No patch or official remediation level has been disclosed by the vendor, and the product is not a cloud service.
Potential Impact
The impact is limited to internal network reconnaissance by authenticated attackers. The vulnerability does not directly allow data exfiltration or code execution but can aid attackers in mapping internal network infrastructure. There are no known exploits in the wild, and the vulnerability requires authentication, which limits exposure.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict authenticated user privileges to prevent unauthorized process creation or HTTP request crafting. Monitor for unusual internal network scanning activity initiated from the application. No official patch or temporary fix has been announced by the vendor at this time.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- linqi
- Date Reserved
- 2026-06-05T08:52:34.489Z
- Cvss Version
- 4.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a22b798e29bf47b506379d1
Added to database: 6/5/2026, 11:48:40 AM
Last enriched: 6/5/2026, 12:04:29 PM
Last updated: 6/5/2026, 2:17:19 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.