CVE-2026-3053

HIGH

DataLinkDC dinky <1.2.5 - Auth Bypass

Title source: llm

Description

A vulnerability was determined in DataLinkDC dinky up to 1.2.5. This affects the function addInterceptors of the file dinky-admin/src/main/java/org/dinky/configure/AppConfig.java of the component OpenAPI Endpoint. Executing a manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

References (5)

Scores

CVSS v3 7.3
EPSS 0.0012
EPSS Percentile 30.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Classification

CWE
CWE-306 CWE-287
Status published

Affected Products (1)

dinky/dinky < 1.2.5

Timeline

Published Feb 24, 2026
Tracked Since Feb 24, 2026