CVE-2024-33863
Description
Local file inclusion vulnerability in linqi for Windows before 1.4.0.1 allows remote attackers to read arbitrary files via the /api/Cdn/GetFile endpoint.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A local file inclusion vulnerability exists in linqi for Windows versions prior to 1.4.0.1 in the /api/Cdn/GetFile endpoint. The endpoint does not properly validate user-supplied paths, allowing an attacker to include arbitrary files from the server's file system.
Exploitation
An attacker can exploit this vulnerability by sending a crafted HTTP request to the /api/Cdn/GetFile endpoint with a malicious path parameter containing directory traversal sequences (e.g., ../). No authentication is required, as the endpoint is publicly accessible. The attacker must have network access to the linqi server.
Impact
Successful exploitation allows an attacker to read arbitrary files on the server, including configuration files, application source code, and other sensitive data. This leads to information disclosure and could further compromise the server.
Mitigation
The vulnerability has been resolved in linqi version 1.4.0.1 [2]. Users should update to this version immediately. No workarounds are available.
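For reviewing access logs from the period before the update, the following added example (not part of the advisory and not linqi code) flags requests to /api/Cdn/GetFile whose target still contains a `..` path segment after repeated percent-decoding. The combined log format, the sample lines and the parameter name `p` are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

ENDPOINT = "/api/cdn/getfile"  # endpoint from the advisory, matched case-insensitively
# A ".." path segment delimited by either separator (the product runs on Windows).
TRAVERSAL = re.compile(r"(?:^|[/\\=&?])\.\.(?:[/\\]|$)")
# Request line as written in combined log format (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines; the parameter name "p" is a placeholder.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /api/Cdn/GetFile?p=images/logo.png HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /api/Cdn/GetFile?p=..%2f..%2fexample.txt HTTP/1.1" 200 812',
    '203.0.113.9 - - [01/Jan/2024:10:00:06 +0000] "GET /api/cdn/getfile?p=%252e%252e%255c%252e%252e%255cexample.txt HTTP/1.1" 200 812',
    '198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /api/Other?p=../x HTTP/1.1" 404 0',
    '198.51.100.4 - - [01/Jan/2024:10:01:02 +0000] "GET /api/Cdn/GetFile?p=report..final.pdf HTTP/1.1" 200 900',
]

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_suspicious(target):
    """True if the request target hits the endpoint and carries a '..' segment."""
    decoded = fully_decode(target)
    if decoded[:len(ENDPOINT)].lower() != ENDPOINT:
        return False
    rest = decoded[len(ENDPOINT):]
    if rest and rest[0] not in "/\\?":
        return False  # a longer, different endpoint name
    return bool(TRAVERSAL.search(rest))

def scan(lines):
    """Return 1-based line numbers of log entries worth investigating."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match and is_suspicious(match.group(1)):
            hits.append(number)
    return hits

if __name__ == "__main__":
    for n in scan(SAMPLE_LOG):
        print(f"line {n}: {SAMPLE_LOG[n - 1]}")
```

The check covers traversal sequences only; a hit with a 200 status and a non-trivial response size is the combination to prioritise when triaging.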
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
- linqi/linqi
Patches
No patches discovered yet.
References (2)