CVE-2026-11345

Description

An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers to bypass file access controls. The ValidateAnonFileAccess function incorrectly grants access if an 'AnonFile' query parameter containing exactly 256 characters is provided. While this flaw allows bypassing the intended authorization check, the actual security impact is negligible; the exposed resources are strictly limited to minified JavaScript and CSS files that contain no sensitive data and are already publicly accessible via a standard CDN.

Scoring

EPSS: 0.41% probability of exploitation · percentile 33.0% · 2026-06-19T12:03:05Z
Last modified: 2026-06-05

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-11346
CVE-2026-11347
CVE-2026-21628
CVE-2025-2305
CVE-2026-23899
CVE-2025-45150
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.