CVE-2024-53326

LINQPad Deserialization

Description

This module exploits a bug in LIQPad up to version 5.48.00. The bug is only exploitable in paid version of software. The core of a bug is cache file containing deserialized data, which attacker can overwrite with malicious payload. The data gets deserialized every time the app restarts.

Exploits (1)

metasploit WORKING POC NORMAL

by msutovsky-r7 <[email protected]>, James Williams · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/persistence/linqpad_deserialization.rb

View Code ZIP pw:eip

Details

Status draft

Tracked Since Feb 18, 2026