8.2 CVE-2026-46485

Enriched by CISA Privilege Escalation Path Traversal Local Execution Code
 

Dashy is a self-hostable personal dashboard. Prior to 4.0.8, Dashy deployments using OIDC can allow unauthenticated users or non-admin authenticated users to write changes to the main config.yaml through the config-saving functionality despite configured permissions, allowing unauthorized modification of dashboard configuration and potential service disruption. This issue is fixed in version 4.0.8.
https://nvd.nist.gov/vuln/detail/CVE-2026-46485

Categories

CWE-15 : External Control of System or Configuration Setting
Allowing external control of system settings can disrupt service or cause an application to behave in unexpected, and potentially malicious ways.

References


 

AFFECTED (from MITRE)


Vendor Product Versions
lissy93 dashy
  • < 4.0.8 [affected]
© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

CPE

cpe start end


REMEDIATION




EXPLOITS


Exploit-db.com

id description date
No known exploits

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
No known exploits


CAPEC


Common Attack Pattern Enumerations and Classifications

id description severity
13 Subverting Environment Variable Values
Very High
146 XML Schema Poisoning
High
176 Configuration/Environment Manipulation
Medium
203 Manipulate Registry Information
Medium
270 Modification of Registry Run Keys
Medium
271 Schema Poisoning
High
579 Replace Winlogon Helper DLL
69 Target Programs with Elevated Privileges
Very High
76 Manipulating Web Input to File System Calls
Very High
77 Manipulating User-Controlled Variables
Very High


MITRE


Techniques

id description
T1112 Modify Registry
T1547.001 Boot or Logon Autostart Execution: Registry Run Keys / Start Folder
T1547.004 Boot or Logon Autostart Execution: Winlogon helper DLL
T1547.014 Boot or Logon Autostart Execution: Active
T1562.003 Impair Defenses:Impair Command History Logging
T1574.006 Hijack Execution Flow:Dynamic Linker Hijacking
T1574.007 Hijack Execution Flow:Path Interception by PATH Environment Variable
T1647 Plist Modification
© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

Mitigations

id description
M1024 Ensure proper permissions are set for Registry hives to prevent users from modifying keys for system components that may lead to privilege escalation.
M1018 Limit the privileges of user accounts so that only authorized administrators can perform Winlogon helper changes.
M1028 Make sure that the <code>HISTCONTROL</code> environment variable is set to “ignoredups” instead of “ignoreboth” or “ignorespace”.
M1028 When System Integrity Protection (SIP) is enabled in macOS, the aforementioned environment variables are ignored when executing protected binaries. Third-party applications can also leverage Apple’s Hardened Runtime, ensuring these environment variables are subject to imposed restrictions. Admins can add restrictions to applications by setting the setuid and/or setgid bits, use entitlements, or have a __RESTRICT segment in the Mach-O binary.
M1022 Ensure that proper permissions and directory access control are set to deny users the ability to write files to the top-level directory <code>C:</code> and system directories, such as <code>C:Windows</code>, to reduce places where malicious files could be placed for execution. Require that all executables be placed in write-protected directories.
M1013 Ensure applications are using Apple's developer guidance which enables hardened runtime.
© 2022 The MITRE Corporation. Esta obra se reproduce y distribuye con el permiso de The MITRE Corporation.