CVE-2026-3052

Summary

A vulnerability was found in DataLinkDC dinky up to 1.2.5. The impacted element is the function proxyUba of the file dinky-admin/src/main/java/org/dinky/controller/FlinkProxyController.java of the component Flink Proxy Controller. Performing a manipulation results in server-side request forgery. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Software

VendorProductVersion RangeStatus
DataLinkDCdinky1.2.0affected
DataLinkDCdinky1.2.1affected
DataLinkDCdinky1.2.2affected
DataLinkDCdinky1.2.3affected
DataLinkDCdinky1.2.4affected
DataLinkDCdinky1.2.5affected

Weaknesses

  • CWE-918: Server-Side Request Forgery

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References