CVE-2026-3053 | DataLinkDC dinky up to 1.2.5 OpenAPI Endpoint AppConfig.java addInterceptors missing authentication

A vulnerability classified as critical was found in DataLinkDC dinky up to 1.2.5. This affects the function addInterceptors of the file dinky-admin/src/main/java/org/dinky/configure/AppConfig.java of the component OpenAPI Endpoint. Executing a manipulation can lead to missing authentication.

This vulnerability is registered as CVE-2026-3053. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-3053 | DataLinkDC dinky up to 1.2.5 OpenAPI Endpoint AppConfig.java addInterceptors missing authentication

Post correlati

CVE-2024-10995 | Codezips Hospital Appointment System 1.0 /removeDoctorResult.php Name sql injection

CVE-2024-1730 | bdthemes Prime Slider Plugin up to 3.14.0 on WordPress link cross site scripting

CVE-2024-37995 | Siemens SIMATIC Reader RF610R CMIIT improper check or handling of exceptional conditions (ssa-765405)

CVE-2024-29789 | Walter Pinem OneClick Chat to Order Plugin up to 1.0.5 on WordPress cross site scripting