CVE-2026-3053 | DataLinkDC dinky up to 1.2.5 OpenAPI Endpoint AppConfig.java addInterceptors missing authentication

A vulnerability classified as critical was found in DataLinkDC dinky up to 1.2.5. This affects the function addInterceptors of the file dinky-admin/src/main/java/org/dinky/configure/AppConfig.java of the component OpenAPI Endpoint. Executing a manipulation can lead to missing authentication.

This vulnerability is registered as CVE-2026-3053. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-3053 | DataLinkDC dinky up to 1.2.5 OpenAPI Endpoint AppConfig.java addInterceptors missing authentication

Post correlati

CVE-2024-0419 | Jasper httpdx up to 1.5.4 HTTP POST Request denial of service

CVE-2023-6777 | wpgmaps WP Go Maps Plugin up to 9.0.34 on WordPress API Key information disclosure

CVE-2024-41167 | Intel Server Board M10JNP2SB Family UEFI Firmware input validation (intel-sa-01175)

CVE-2024-10683 | Contact Form 7 Plugin up to 2.3.1 on WordPress cross site scripting