PT-2026-21639 · Unknown · Datalinkdc Dinky
Ana10Gy · Published 2026-02-24 · Updated 2026-03-01 · CVE-2026-3053
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
DataLinkDC dinky versions up to 1.2.5
Description
A flaw exists in DataLinkDC dinky that allows for remote authentication bypass. This is due to a manipulation within the addInterceptors function located in the file dinky-admin/src/main/java/org/dinky/configure/AppConfig.java, specifically affecting the OpenAPI Endpoint component. The exploit has been publicly disclosed.
Recommendations
Versions prior to 1.2.5 should be updated. As a temporary workaround, consider restricting access to the OpenAPI Endpoint component to minimize the risk of exploitation.
Exploit
Fix
Missing Authentication
Improper Authentication
Related Identifiers
Affected Products
Datalinkdc Dinky