CVE-2026-3051

Name of the Vulnerable Software and Affected Versions DataLinkDC dinky versions up to 1.2.5

Description A path traversal issue exists in DataLinkDC dinky. The getProjectDir function within the file dinky-admin/src/main/java/org/dinky/utils/GitRepository.java of the Project Name Handler component is susceptible to manipulation of the projectName argument, leading to path traversal. This issue can be exploited remotely. The exploit details have been publicly disclosed.

Recommendations Versions prior to 1.2.5 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.