CVE-2026-3051 | DataLinkDC dinky up to 1.2.5 Project Name GitRepository.java getProjectDir projectName path traversal

A vulnerability described as critical has been identified in DataLinkDC dinky up to 1.2.5. The affected element is the function getProjectDir of the file dinky-admin/src/main/java/org/dinky/utils/GitRepository.java of the component Project Name Handler. Such manipulation of the argument projectName leads to path traversal.

This vulnerability is listed as CVE-2026-3051. The attack may be performed from remote. In addition, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-3051 | DataLinkDC dinky up to 1.2.5 Project Name GitRepository.java getProjectDir projectName path traversal

Post correlati

CVE-2025-66147 | merkulove Coder for Elementor Plugin up to 1.0.13 on WordPress authorization

CVE-2025-8940 | Tenda AC20 up to 16.03.08.12 saveParentControlInfo strcpy Time buffer overflow

CVE-2025-59997 | Juniper Junos Space up to 24.1R3 cross site scripting (JSA103140)

CVE-2023-52919 | Linux Kernel up to 6.5.8 nfc send_acknowledge null pointer dereference