CVE-2026-3052
HIGH WAF: Medium
CVSS 7.7
Published: 2026-02-24
CWE-918
A vulnerability was found in DataLinkDC dinky up to 1.2.5. The impacted element is the function proxyUba of the file dinky-admin/src/main/java/org/dinky/controller/FlinkProxyController.java of the component Flink Proxy Controller. Performing a manipulation results in server-side request forgery. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
WAF Coverage Analysis
Server-Side Request Forgery (SSRF)
Medium WAF Coverage
OWASP: A10:2021 SSRF
934xxx - Node.js / Generic Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| dinky | dinky | up to 1.2.5 |
References
- github.com (Exploit, Issue Tracking, Third Party Advisory)
- github.com (Exploit, Issue Tracking, Third Party Advisory)
- vuldb.com (Permissions Required, Third Party Advisory, VDB Entry)
- vuldb.com (Third Party Advisory, VDB Entry)
- vuldb.com (Third Party Advisory, VDB Entry)