Skip to main content

Dashy EUVDEUVD-2026-44759

| CVE-2026-46485 HIGH
External Control of System or Configuration Setting (CWE-15)
2026-07-15 GitHub_M
8.2
CVSS 3.1 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
8.2 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
vuln.today AI
8.2 HIGH

Unauthenticated network write to config (PR:N, I:H) with minor service disruption (A:L) and no data disclosure (C:N); OIDC dependency treated as a deployment precondition, not added complexity.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
4.0 AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
Low

Lifecycle Timeline

3
Patch available
Jul 15, 2026 - 21:18 EUVD
Analysis Generated
Jul 15, 2026 - 18:45 vuln.today
CVE Published
Jul 15, 2026 - 18:08 cve.org
HIGH 8.2

DescriptionCVE.org

Dashy is a self-hostable personal dashboard. Prior to 4.0.8, Dashy deployments using OIDC can allow unauthenticated users or non-admin authenticated users to write changes to the main config.yaml through the config-saving functionality despite configured permissions, allowing unauthorized modification of dashboard configuration and potential service disruption. This issue is fixed in version 4.0.8.

AnalysisAI

Unauthorized configuration write in Dashy self-hosted dashboard (versions prior to 4.0.8) lets unauthenticated users or non-admin authenticated users overwrite the central config.yaml via the config-saving endpoint when the deployment uses OIDC authentication, bypassing configured permission controls. Successful abuse enables tampering with dashboard configuration and potential service disruption. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach OIDC-enabled Dashy over network
Delivery
Send crafted config-save request
Exploit
Bypass admin permission check
Execution
Write attacker content to config.yaml
Impact
Disrupt dashboard or mislead users

Vulnerability AssessmentAI

Exploitation Requires the Dashy instance to be deployed with OIDC as the authentication backend and to have the config-saving (write-to-config.yaml) functionality reachable - that specific configuration IS the precondition; instances not using OIDC are not affected by this bypass. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The provided CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L, base 8.2) describes a network-reachable, low-complexity, unauthenticated integrity attack with no confidentiality loss and limited availability impact - consistent with silently rewriting configuration rather than reading data or executing code. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who can reach an OIDC-configured Dashy instance over the network sends a crafted request to the config-saving functionality without valid admin privileges, and the server accepts the write despite the configured permissions. The attacker overwrites config.yaml - for example injecting altered links/widgets or malformed settings - to disrupt the dashboard or mislead users. …
Remediation Vendor-released patch: upgrade to Dashy 4.0.8, which corrects the permission enforcement on the config-saving path (release: https://github.com/lissy93/dashy/releases/tag/4.0.8; advisory: https://github.com/lissy93/dashy/security/advisories/GHSA-vjj9-fmvr-6h3p). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Audit your deployed Dashy versions and if running any release prior to 4.0.8, immediately implement network-level access controls restricting unauthenticated traffic to the configuration-saving endpoint. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-44759 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy