CVE-2026-55592 in dashyinfo

Zusammenfassung

von MITRE • 08.07.2026

Dashy is a self-hostable personal dashboard. Prior to 4.3.7, Dashy's workspace view trusts the url query parameter and assigns it directly to an iframe source without scheme validation. If a logged-in user opens a crafted workspace link containing a javascript: URL, JavaScript runs on the Dashy origin and can read same-origin browser data, interact with the Dashy DOM, and send requests as the victim. This issue is fixed in version 4.3.7.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Zuständig

GitHub M

Reservieren

17.06.2026

Veröffentlichung

08.07.2026

Moderieren

akzeptiert

Eintrag

VDB-376695

CPE

bereit

EPSS

0.00000

KEV

nein

Aktivitäten

very low

Quellen

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!