CVE-2026-46485

Lissy93 · Dashy

Dashy contains a vulnerability allowing for improper access control and authentication, which may lead to unauthorized system configuration changes.

Executive summary

An improper access control vulnerability in Lissy93 Dashy versions prior to 4.0.8 poses a high risk of unauthorized configuration manipulation.

Vulnerability

This vulnerability involves improper authentication and access control mechanisms, allowing unauthenticated attackers to potentially modify system settings or configurations.

Business impact

The ability for an unauthenticated attacker to alter dashboard configurations can lead to severe operational disruption or the exposure of sensitive internal service references. With a CVSS score of 8.2, this high-severity flaw represents a significant risk to the integrity and availability of the self-hosted dashboard environment.

Remediation

Immediate Action: Update Dashy to version 4.0.8 or later immediately to resolve the authentication and access control flaws.

Proactive Monitoring: Review system configuration files for unexpected changes and monitor access logs for unauthorized attempts to reach administrative endpoints.

Compensating Controls: Restrict network access to the Dashy instance using a VPN or IP allowlisting at the firewall level to prevent external, unauthenticated exposure.

Exploitation status

Public Exploit Available: No confirmed public exploit in the available data.

Analyst recommendation

Given the high CVSS score and the nature of the vulnerability, administrators must prioritize patching this system. Please apply the 4.0.8 update as soon as possible to prevent potential unauthorized access and configuration tampering.