PT-2026-60259 · Lissy93 · Dashy

Publicado

2026-07-15

·

Atualizado

2026-07-15

·

CVE-2026-46485

CVSS v3.1

8.2

Alta

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
Dashy is a self-hostable personal dashboard. Prior to 4.0.8, Dashy deployments using OIDC can allow unauthenticated users or non-admin authenticated users to write changes to the main config.yaml through the config-saving functionality despite configured permissions, allowing unauthorized modification of dashboard configuration and potential service disruption. This issue is fixed in version 4.0.8.

Correção

Improper Access Control

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-46485

Produtos afetados

Dashy