CVE-2026-3051

Summary

A vulnerability has been found in DataLinkDC dinky up to 1.2.5. The affected element is the function getProjectDir of the file dinky-admin/src/main/java/org/dinky/utils/GitRepository.java of the component Project Name Handler. Such manipulation of the argument projectName leads to path traversal. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
DataLinkDCdinky1.2.0affected
DataLinkDCdinky1.2.1affected
DataLinkDCdinky1.2.2affected
DataLinkDCdinky1.2.3affected
DataLinkDCdinky1.2.4affected
DataLinkDCdinky1.2.5affected

Weaknesses

  • CWE-22: Path Traversal

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References