CVE-2026-46485
Lissy93 · Dashy
Dashy contains a vulnerability allowing for improper access control and authentication, which may lead to unauthorized system configuration changes.
Executive summary
An improper access control vulnerability in Lissy93 Dashy versions prior to 4.0.8 poses a high risk of unauthorized configuration manipulation.
Vulnerability
This vulnerability involves improper authentication and access control mechanisms, allowing unauthenticated attackers to potentially modify system settings or configurations.
Business impact
The ability for an unauthenticated attacker to alter dashboard configurations can lead to severe operational disruption or the exposure of sensitive internal service references. With a CVSS score of 8.2, this high-severity flaw represents a significant risk to the integrity and availability of the self-hosted dashboard environment.
Remediation
Immediate Action: Update Dashy to version 4.0.8 or later immediately to resolve the authentication and access control flaws.
Proactive Monitoring: Review system configuration files for unexpected changes and monitor access logs for unauthorized attempts to reach administrative endpoints.
Compensating Controls: Restrict network access to the Dashy instance using a VPN or IP allowlisting at the firewall level to prevent external, unauthenticated exposure.
Exploitation status
Public Exploit Available: No confirmed public exploit in the available data.
Analyst recommendation
Given the high CVSS score and the nature of the vulnerability, administrators must prioritize patching this system. Please apply the 4.0.8 update as soon as possible to prevent potential unauthorized access and configuration tampering.