Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers to bypass file access controls. The ValidateAnonFileAccess function incorrectly grants access if an 'AnonFile' query parameter containing exactly 256 characters is provided. While this flaw allows bypassing the intended authorization check, the actual security impact is negligible; the exposed resources are strictly limited to minified JavaScript and CSS files that contain no sensitive data and are already publicly accessible via a standard CDN.
AnalysisAI
Authentication bypass in linqi's /api/Cdn/GetFile endpoint allows unauthenticated remote attackers to circumvent the ValidateAnonFileAccess authorization check by supplying an 'AnonFile' query parameter of exactly 256 characters. Despite the CVSS 4.0 score of 6.9 and a PR:N/AC:L attack vector suggesting easy, unauthenticated exploitation, the vendor's own advisory explicitly confirms the security impact is negligible: the only resources accessible via this bypass are minified JavaScript and CSS files already served publicly through a CDN. No public exploit code has been identified at time of analysis, and there is no CISA KEV listing.
Technical ContextAI
linqi (by linqi GmbH, CPE: cpe:2.3:a:linqi_gmbh:linqi:*:*:*:*:*:*:*:*) exposes a CDN file retrieval endpoint at /api/Cdn/GetFile. The root cause is CWE-287 (Improper Authentication): the ValidateAnonFileAccess function contains a logic flaw where the mere presence of an 'AnonFile' query parameter containing exactly 256 characters is sufficient to pass the authorization gate, regardless of the caller's identity or actual entitlement. This is a classic off-by-one or length-check substitution error - the function likely uses string length as a proxy for a token or signature validity check, incorrectly treating a fixed-length string as a valid credential. The CPE wildcard version field (*) indicates all known linqi versions are affected. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) correctly reflects the ease of triggering the flaw over the network without credentials, while VC:L/VI:N/VA:N/SC:N accurately captures the low-sensitivity nature of the exposed data.
RemediationAI
Patch available per vendor advisory at https://linqi.help/en/reference/security/security-advisories/#security-advisory-improper-authentication-bypass-in-cdn-file-access-in-the-linqi-application - no specific fixed version number is confirmed in the available data, so administrators should consult the advisory directly to identify the target upgrade version. The underlying fix should correct the ValidateAnonFileAccess function to replace the flawed 256-character length check with proper token validation or signature verification. Given that the exposed resources are already publicly accessible static assets, the urgency for emergency patching is low; however, the logic flaw itself should be remediated to prevent future scope creep if the endpoint's access controls are later extended to cover sensitive files. As a compensating control, network-layer filtering to block requests to /api/Cdn/GetFile containing an AnonFile parameter of exactly 256 characters is technically feasible but operationally fragile and not recommended as a permanent measure.
An issue was discovered in linqi before 1.4.0.1 on Windows. Rated critical severity (CVSS 9.8), this vulnerability is re
An issue was discovered in linqi before 1.4.0.1 on Windows. Rated critical severity (CVSS 9.8), this vulnerability is re
Cryptographic weaknesses in the linqi application (versions ≤1.4.8.5) allow local attackers with low-level privileges to
An issue was discovered in linqi before 1.4.0.1 on Windows. Rated high severity (CVSS 7.5), this vulnerability is remote
Cross-tenant comment access in linqi BPM platform versions through 1.4.8.5 allows any authenticated user to read and wri
An issue was discovered in linqi before 1.4.0.1 on Windows. Rated medium severity (CVSS 5.9), this vulnerability is no a
An issue was discovered in linqi before 1.4.0.1 on Windows. Rated medium severity (CVSS 5.5), this vulnerability is remo
Server-side request forgery in linqi's custom process creation feature allows authenticated attackers to conduct interna
An issue was discovered in linqi before 1.4.0.1 on Windows. Rated medium severity (CVSS 4.8), this vulnerability is low
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-34824
GHSA-xj32-w24w-7c6q