CVE-2026-46485 in Dashy
الملخص
بحسب MITRE • 15/07/2026
Dashy is a self-hostable personal dashboard. Prior to 4.0.8, Dashy deployments using OIDC can allow unauthenticated users or non-admin authenticated users to write changes to the main config.yaml through the config-saving functionality despite configured permissions, allowing unauthorized modification of dashboard configuration and potential service disruption. This issue is fixed in version 4.0.8.
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.