CVE-2026-3052
Status: Received - Intake
Server-Side Request Forgery in DataLinkDC Flink Proxy Controller

Publication date: 2026-02-24

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was found in DataLinkDC dinky up to 1.2.5. The impacted element is the function proxyUba of the file dinky-admin/src/main/java/org/dinky/controller/FlinkProxyController.java of the component Flink Proxy Controller. Performing a manipulation results in server-side request forgery. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Meta Information
Published: 2026-02-24
Last Modified: 2026-04-29
Generated: 2026-05-27
AI Q&A: 2026-02-24
EPSS Evaluated: 2026-05-25
References: NVD, EUVD
Affected Vendors & Products (1 associated CPE)
Vendor: dinky
Product: dinky
Version / Range: up to 1.2.5 (inclusive)
CWE
CWE-918: The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-3052 is a Server-Side Request Forgery (SSRF) vulnerability found in DataLinkDC dinky versions up to 1.2.5, specifically in the Flink Proxy Controller component. The vulnerability exists because the proxyUba function accepts arbitrary URLs from authenticated users without proper validation or whitelisting.

This flaw allows attackers to craft HTTP requests that the Dinky server executes, targeting internal network resources, cloud metadata services, localhost services, and other unauthorized endpoints. The attacker can manipulate the input to the proxyUba function to make the server send requests on their behalf.

The vulnerability is remotely exploitable by authenticated users and has a public proof-of-concept exploit available. The vendor was notified but did not respond or provide a fix.


How can this vulnerability impact me?

Exploitation of this SSRF vulnerability can lead to several serious impacts on the affected system and infrastructure.

  • Credential theft by accessing cloud metadata services (e.g., AWS IAM credentials, GCP service accounts, Azure tokens).
  • Internal network reconnaissance by scanning and enumerating internal services, databases, caches, and administrative interfaces.
  • Lateral movement within the affected infrastructure by accessing internal APIs and services that are normally protected.
  • Compromise of confidentiality due to exposure of sensitive internal resources.

Integrity and availability are not directly affected by this vulnerability.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring and analyzing proxy requests made to the Flink Proxy Controller, specifically looking for unusual or unauthorized HTTP requests initiated by the proxyUba function. Detection involves logging all proxy requests with user identity, target URL, timestamp, and response status, and generating alerts on requests to internal IP ranges, cloud metadata endpoints, failed proxy attempts, and access to non-Flink endpoints.

To detect exploitation attempts on your system or network, you can look for HTTP requests to internal or sensitive IP addresses such as 169.254.169.254 (cloud metadata service), localhost (127.0.0.1), and private network ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) that are proxied through the vulnerable endpoint.

Suggested commands include using network monitoring tools or web server access logs to filter requests matching the vulnerable proxy path pattern, for example:

  • Using grep on web server logs to find suspicious proxy requests: grep "/api/flink/http" /var/log/dinky/access.log
  • Using curl or similar tools to test if the proxy endpoint is accessible and vulnerable: curl -i -H "Cookie: valid_session_cookie" "http://dinky-server/api/flink/http://169.254.169.254/latest/meta-data/"
  • Using network monitoring tools like tcpdump or Wireshark to capture and analyze outgoing HTTP requests from the Dinky server to internal IP ranges.
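The grep above only finds requests on the proxy path; deciding which of them deserve an alert is the part worth automating. The following Python script is an added example, not Dinky's code or this database's tooling. It parses constructed access-log lines (Combined Log Format style, not real Dinky output), takes the proxied target after the "/api/flink/" prefix quoted in the detection guidance (the actual prefix depends on how the controller is deployed), and classifies it against the metadata address, loopback and private ranges listed above. Hostnames other than localhost are not resolved, so a DNS name that points at an internal address is flagged only as an absolute URL; resolution would have to happen where the logs are collected.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample access-log lines; they are shaped like what a reverse
# proxy in front of the server might record, not copied from any real system.
SAMPLE_LOG = """\
10.1.2.3 - alice [24/Feb/2026:10:00:01 +0000] "GET /api/flink/overview HTTP/1.1" 200 512
10.1.2.3 - alice [24/Feb/2026:10:00:05 +0000] "GET /api/flink/http://169.254.169.254/latest/meta-data/ HTTP/1.1" 200 1024
10.1.2.9 - bob [24/Feb/2026:10:01:10 +0000] "GET /api/flink/http://127.0.0.1:8080/ HTTP/1.1" 502 0
10.1.2.9 - bob [24/Feb/2026:10:01:12 +0000] "GET /api/flink/https://10.0.5.7/admin HTTP/1.1" 200 2048
10.1.2.3 - alice [24/Feb/2026:10:02:00 +0000] "GET /api/flink/jobs/overview HTTP/1.1" 200 900
"""

# Fields of a Combined Log Format line that the alert needs: source, user,
# timestamp, method, request path and response status.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)

# Proxy path prefix quoted in the detection guidance; adjust per deployment.
PROXY_PREFIX = "/api/flink/"

# Ranges the guidance names as internal or sensitive, plus their IPv6 analogues.
SENSITIVE_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10",
)]


def classify_target(target):
    """Return a reason string if a proxied target is suspicious, else None.

    A target without a scheme is a relative path forwarded to the configured
    Flink cluster, which is the intended use. Anything carrying a scheme is
    outside that use, and is labelled more precisely when its host is a
    literal address in a sensitive range.
    """
    parts = urlsplit(target)
    if not parts.scheme:
        return None
    host = parts.hostname or ""
    if host == "localhost":
        return "loopback host"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Hostname, not a literal address: not resolved here.
        return "absolute URL with external host"
    if str(addr) == "169.254.169.254":
        return "cloud metadata endpoint"
    for net in SENSITIVE_NETS:
        if addr in net:
            return f"internal address in {net}"
    return "absolute URL with external host"


def scan_log(text):
    """Return one alert dict per proxy request whose target is suspicious."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or not m["path"].startswith(PROXY_PREFIX):
            continue
        target = m["path"][len(PROXY_PREFIX):]
        reason = classify_target(target)
        if reason:
            alerts.append({
                "user": m["user"], "src": m["src"], "ts": m["ts"],
                "target": target, "status": int(m["status"]), "reason": reason,
            })
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(f"{alert['ts']} user={alert['user']} src={alert['src']} "
              f"status={alert['status']} {alert['reason']}: {alert['target']}")
```

Run against the constructed log it reports the three absolute-URL requests (metadata address, loopback with a port, and a 10.0.0.0/8 host) and stays quiet on the two relative paths; a 502 on a proxied request to an internal address is the "failed proxy attempt" case the guidance above asks to alert on.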


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include implementing strict controls to prevent exploitation of the SSRF vulnerability in the Flink Proxy Controller:

  • Implement a strict URL whitelist restricting proxy targets to predefined trusted Flink cluster endpoints, ensuring that only relative paths without URL schemes are accepted.
  • Add network-level controls such as firewall rules on the Dinky server to block access to sensitive IP ranges including cloud metadata IP (169.254.169.254), loopback addresses (127.0.0.0/8), private networks (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), and link-local addresses (169.254.0.0/16).
  • Strengthen authorization by replacing generic login checks with role-based access control annotations to restrict proxy usage to authorized roles and enable auditing.
  • Implement monitoring and alerting by logging all proxy requests with user identity, target URL, timestamp, and response status, and generate alerts on suspicious requests.

Since no official patch or fix has been released and the vendor has not responded, users are advised to consider replacing the affected product with alternatives if possible.
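As an added example of the allowlist from the first bullet, not Dinky's own code (the actual fix would sit in the Java controller), here is the check in Python: the caller selects a cluster id that maps to a configured Flink REST base URL, and the rest of the path is accepted only if it carries no scheme, no authority and no parent-directory segment, then re-checked after joining so it cannot leave the allowlisted host. The cluster ids, hostnames and the `is_safe_proxy_request` helper are constructed for the example. The address check at the end covers only loopback and link-local (which includes the metadata address), because the allowlisted Flink hosts normally live in private ranges themselves; blocking RFC 1918 space wholesale belongs to the firewall layer in the second bullet.

```python
import ipaddress
from urllib.parse import unquote, urljoin, urlsplit

# Assumed allowlist: cluster id -> trusted Flink JobManager REST base URL.
# Hostnames are constructed for the example.
ALLOWED_CLUSTERS = {
    "prod-1": "http://flink-jm-1.internal:8081/",
    "prod-2": "http://flink-jm-2.internal:8081/",
}

# Addresses the proxy must never connect to at the application layer, even if
# an allowlisted hostname were ever resolved there (loopback and link-local,
# the latter containing 169.254.169.254).
BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fe80::/10",
)]


class ProxyTargetError(ValueError):
    """Raised when a caller-supplied proxy target is not a plain relative path."""


def validate_relative_path(user_path):
    """Accept only a relative path and return it without a leading slash."""
    decoded = unquote(user_path)  # so "%2F%2Fhost" is judged as "//host"
    parts = urlsplit(decoded)
    # Anything with a scheme or authority is an absolute or protocol-relative
    # URL. Note urlsplit treats a leading "host:port/..." as a scheme, so such
    # inputs are rejected too, which is the conservative outcome.
    if parts.scheme or parts.netloc:
        raise ProxyTargetError("absolute or protocol-relative URLs are not accepted")
    if decoded.startswith(("//", "\\")):
        raise ProxyTargetError("protocol-relative paths are not accepted")
    if any(seg == ".." for seg in parts.path.split("/")):
        raise ProxyTargetError("parent-directory segments are not accepted")
    return decoded.lstrip("/")


def build_proxy_url(cluster_id, user_path):
    """Join a validated relative path onto the allowlisted base for cluster_id."""
    try:
        base = ALLOWED_CLUSTERS[cluster_id]
    except KeyError:
        raise ProxyTargetError(f"unknown cluster {cluster_id!r}") from None
    url = urljoin(base, validate_relative_path(user_path))
    # Defence in depth: the joined URL must still point at the allowlisted host.
    if urlsplit(url).netloc != urlsplit(base).netloc:
        raise ProxyTargetError("target left the allowlisted host")
    return url


def is_safe_proxy_request(cluster_id, user_path):
    """Boolean form of build_proxy_url for callers that only need a verdict."""
    try:
        build_proxy_url(cluster_id, user_path)
        return True
    except ProxyTargetError:
        return False


def resolved_address_allowed(ip_str):
    """Second layer: check the address the allowlisted host resolved to."""
    addr = ipaddress.ip_address(ip_str)
    return not any(addr in net for net in BLOCKED_NETS)


if __name__ == "__main__":
    for cluster, path in [("prod-1", "jobs/overview"),
                          ("prod-1", "http://169.254.169.254/latest/meta-data/"),
                          ("prod-1", "%2F%2F169.254.169.254/"),
                          ("staging", "overview")]:
        try:
            print("allow", build_proxy_url(cluster, path))
        except ProxyTargetError as exc:
            print("deny ", cluster, path, "->", exc)
```

Wiring this in means the controller never receives a URL from the client at all, only a cluster id and a path; that is what "only relative paths without URL schemes" in the first bullet amounts to in practice, and it also removes the need to reason about hostname tricks, since the host is always taken from configuration.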

