| Title | DataLinkDC Dinky <=1.2.5 Authentication Bypass Issues |
|---|---|
| Description | A critical authentication bypass vulnerability exists in the OpenAPI endpoints of Dinky. The application's authentication interceptor contains a catastrophic logic flaw that automatically grants unauthenticated users full Super Admin privileges (User ID: 1). This allows complete compromise of the platform without any authentication, enabling attackers to execute arbitrary tasks, cancel production jobs, exfiltrate sensitive SQL source code, and access all administrative functions. |
| Source | ⚠️ https://github.com/AnalogyC0de/public_exp/issues/6 |
| User | Ana10gy (UID 93358) |
| Submission | 02/13/2026 03:44 AM (2 months ago) |
| Moderation | 02/23/2026 06:50 PM (11 days later) |
| Status | Accepted |
| VulDB entry | 347411 [DataLinkDC dinky up to 1.2.5 OpenAPI Endpoint AppConfig.java addInterceptors missing authentication] |
| Points | 20 |