CVE-2024-53326

HIGH

LINQPad Deserialization

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-53326. PoCs published by msutovsky-r7 <[email protected]>, James Williams, including Metasploit module exploits/windows/persistence/linqpad_deserialization.

AI-analyzed exploit summary This Metasploit module exploits a deserialization vulnerability in LINQPad (up to version 5.48.00) by overwriting a cache file with a malicious payload. The payload is executed when the application restarts, leading to remote code execution.

Description

LINQPad before 5.52.01 Pro edition is vulnerable to Unsafe Deserialization in LINQPad.AutoRefManager::PopulateFromCache(), leading to code execution.

Exploits (1)

metasploit WORKING POC NORMAL

by msutovsky-r7 <[email protected]>, James Williams · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/persistence/linqpad_deserialization.rb

View Code ZIP pw:eip

This Metasploit module exploits a deserialization vulnerability in LINQPad (up to version 5.48.00) by overwriting a cache file with a malicious payload. The payload is executed when the application restarts, leading to remote code execution.

Classification

Working Poc 100%

Attack Type

Deserialization

Complexity

Moderate

Reliability

Reliable

Target: LINQPad up to version 5.48.00

No auth needed

Prerequisites: Access to the cache file directory · Paid version of LINQPad

MITRE ATT&CK

T1546 - Event Triggered Execution

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2

Core References

https://www.linqpad.net/

https://trustedsec.com/blog/discovering-a-deserialization-vulnerability-in-linqpad

Scores

CVSS v3 7.3

EPSS 0.0044

EPSS Percentile 34.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-502

Status published

Published May 08, 2026

Tracked Since Feb 18, 2026