diff --git a/apps/emqx_authz/etc/acl.conf b/apps/emqx_authz/etc/acl.conf
index d39490d46..a64287a4a 100644
--- a/apps/emqx_authz/etc/acl.conf
+++ b/apps/emqx_authz/etc/acl.conf
@@ -23,7 +23,7 @@
 %% -type(rule() :: {permission(), who(), access(), topics()} | {permission(), all}).
 %%--------------------------------------------------------------------
 
-{allow, {username, "^dashboard?"}, subscribe, ["$SYS/#"]}.
+{allow, {username, {re, "^dashboard$"}}, subscribe, ["$SYS/#"]}.
 
 {allow, {ipaddr, "127.0.0.1"}, all, ["$SYS/#", "#"]}.
 
diff --git a/changes/ce/fix-10172.en.md b/changes/ce/fix-10172.en.md
new file mode 100644
index 000000000..d5cec50f8
--- /dev/null
+++ b/changes/ce/fix-10172.en.md
@@ -0,0 +1,9 @@
+Fix the incorrect default ACL rule, which was:
+```
+{allow, {username, "^dashboard?"}, subscribe, ["$SYS/#"]}.
+```
+
+However, it should use `{re, "^dashboard$"}` to perform a regular expression match:
+```
+{allow, {username, {re,"^dashboard$"}}, subscribe, ["$SYS/#"]}.
+```
diff --git a/changes/ce/fix-10172.zh.md b/changes/ce/fix-10172.zh.md
new file mode 100644
index 000000000..bfdfab60c
--- /dev/null
+++ b/changes/ce/fix-10172.zh.md
@@ -0,0 +1,8 @@
+修复错误的默认 ACL 规则，之前是：
+```
+{allow, {username, "^dashboard?"}, subscribe, ["$SYS/#"]}.
+```
+但执行正则表达式的匹配应该使用 `{re, "^dashboard$"}`：
+```
+{allow, {username, {re, "^dashboard$"}}, subscribe, ["$SYS/#"]}.
+```