CVE-2026-3053

Name of the Vulnerable Software and Affected Versions DataLinkDC dinky versions up to 1.2.5

Description A flaw exists in DataLinkDC dinky that allows for remote authentication bypass. This is due to a manipulation within the addInterceptors function located in the file dinky-admin/src/main/java/org/dinky/configure/AppConfig.java, specifically affecting the OpenAPI Endpoint component. The exploit has been publicly disclosed.

Recommendations Versions prior to 1.2.5 should be updated. As a temporary workaround, consider restricting access to the OpenAPI Endpoint component to minimize the risk of exploitation.