Search

Find a vulnerability

Search criteria

    202 vulnerabilities by Dataease

    CVE-2026-50124 (GCVE-0-2026-50124)

    Vulnerability from nvd – Published: 2026-07-15 19:38 – Updated: 2026-07-15 19:38
    VLAI
    Title
    DataEase: Remote Code Execution (RCE) via Zip Protocol & File Dropper
    Summary
    DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase can be exploited by uploading payload.zip through the Excel upload API /datasource/upload, creating an H2 datasource that uses the zip: protocol, and executing an SQL dataset path where CalciteProvider.jdbcFetchResultField calls statement.executeQuery(), causing precompiled Java aliases in test.mv.db to execute arbitrary code. This issue is fixed in version 2.10.23.
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Vendor Product Version
    dataease dataease Affected: < 2.10.23
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "dataease",
              "vendor": "dataease",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.10.23"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase can be exploited by uploading payload.zip through the Excel upload API /datasource/upload, creating an H2 datasource that uses the zip: protocol, and executing an SQL dataset path where CalciteProvider.jdbcFetchResultField calls statement.executeQuery(), causing precompiled Java aliases in test.mv.db to execute arbitrary code. This issue is fixed in version 2.10.23."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T19:38:14.211Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/dataease/dataease/security/advisories/GHSA-cjmg-jqmc-xj5v",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/dataease/dataease/security/advisories/GHSA-cjmg-jqmc-xj5v"
            },
            {
              "name": "https://github.com/dataease/dataease/commit/304104d70e27a97f8909981f56209edc117dc285",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/commit/304104d70e27a97f8909981f56209edc117dc285"
            },
            {
              "name": "https://github.com/dataease/dataease/commit/a7bffa795cb0ca041dce0effe68479cf3bf13db1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/commit/a7bffa795cb0ca041dce0effe68479cf3bf13db1"
            },
            {
              "name": "https://github.com/dataease/dataease/releases/tag/v2.10.23",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/releases/tag/v2.10.23"
            }
          ],
          "source": {
            "advisory": "GHSA-cjmg-jqmc-xj5v",
            "discovery": "UNKNOWN"
          },
          "title": "DataEase: Remote Code Execution (RCE) via Zip Protocol \u0026 File Dropper"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-50124",
        "datePublished": "2026-07-15T19:38:14.211Z",
        "dateReserved": "2026-06-03T18:49:32.274Z",
        "dateUpdated": "2026-07-15T19:38:14.211Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50030 (GCVE-0-2026-50030)

    Vulnerability from nvd – Published: 2026-07-15 19:24 – Updated: 2026-07-15 19:24
    VLAI
    Title
    DataEase: Arbitrary SQL execution in preview path (direct data disclosure)
    Summary
    DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase SQL preview exposes DatasetDataApi.previewSql/previewSqlCheck through /de2api/datasetData/previewSql, accepts PreviewSqlDTO.sql, PreviewSqlDTO.datasourceId, and PreviewSqlDTO.isCross, then DatasetDataManage.previewSql stores decoded SQL in datasourceRequest.query and CalciteProvider.fetchResultField executes it with prepareStatement(...).executeQuery(), allowing arbitrary readable datasource tables to be queried and returned in preview responses. This issue is fixed in version 2.10.23.
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    dataease dataease Affected: < 2.10.23
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "dataease",
              "vendor": "dataease",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.10.23"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase SQL preview exposes DatasetDataApi.previewSql/previewSqlCheck through /de2api/datasetData/previewSql, accepts PreviewSqlDTO.sql, PreviewSqlDTO.datasourceId, and PreviewSqlDTO.isCross, then DatasetDataManage.previewSql stores decoded SQL in datasourceRequest.query and CalciteProvider.fetchResultField executes it with prepareStatement(...).executeQuery(), allowing arbitrary readable datasource tables to be queried and returned in preview responses. This issue is fixed in version 2.10.23."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T19:24:51.531Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/dataease/dataease/security/advisories/GHSA-j4v5-5gcx-cvfc",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/dataease/dataease/security/advisories/GHSA-j4v5-5gcx-cvfc"
            },
            {
              "name": "https://github.com/dataease/dataease/commit/22930a493d900fe3d8084b3dd4c0125abdb2a847",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/commit/22930a493d900fe3d8084b3dd4c0125abdb2a847"
            },
            {
              "name": "https://github.com/dataease/dataease/releases/tag/v2.10.23",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/releases/tag/v2.10.23"
            }
          ],
          "source": {
            "advisory": "GHSA-j4v5-5gcx-cvfc",
            "discovery": "UNKNOWN"
          },
          "title": "DataEase: Arbitrary SQL execution in preview path (direct data disclosure)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-50030",
        "datePublished": "2026-07-15T19:24:51.531Z",
        "dateReserved": "2026-06-02T22:46:02.580Z",
        "dateUpdated": "2026-07-15T19:24:51.531Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-49867 (GCVE-0-2026-49867)

    Vulnerability from nvd – Published: 2026-07-15 19:41 – Updated: 2026-07-15 19:41
    VLAI
    Title
    DataEase: Authenticated Stored XSS in DataEase Template Static Resources
    Summary
    DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase template static resources let authenticated users submit TemplateManageRequest.staticResource through POST /de2api/templateManage/save or DataVisualizationServer.decompression, after which StaticResourceServer.saveFilesToServe and StaticResourceServer.saveSingleFileToServe write Base64-decoded .svg content to /de2api/static-resource/<name>.svg without validating extension, MIME type, decoded bytes, or SVG scriptability, causing stored same-origin cross-site scripting when a victim loads the resource. This issue is fixed in version 2.10.23.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    dataease dataease Affected: < 2.10.23
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "dataease",
              "vendor": "dataease",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.10.23"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase template static resources let authenticated users submit TemplateManageRequest.staticResource through POST /de2api/templateManage/save or DataVisualizationServer.decompression, after which StaticResourceServer.saveFilesToServe and StaticResourceServer.saveSingleFileToServe write Base64-decoded .svg content to /de2api/static-resource/\u003cname\u003e.svg without validating extension, MIME type, decoded bytes, or SVG scriptability, causing stored same-origin cross-site scripting when a victim loads the resource. This issue is fixed in version 2.10.23."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T19:41:52.701Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/dataease/dataease/security/advisories/GHSA-jqxj-h53x-mpvf",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/dataease/dataease/security/advisories/GHSA-jqxj-h53x-mpvf"
            },
            {
              "name": "https://github.com/dataease/dataease/commit/b00d9e3a73a9653bfc3ea0c41c0c3a5b0dd40bf8",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/commit/b00d9e3a73a9653bfc3ea0c41c0c3a5b0dd40bf8"
            },
            {
              "name": "https://github.com/dataease/dataease/releases/tag/v2.10.23",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/releases/tag/v2.10.23"
            }
          ],
          "source": {
            "advisory": "GHSA-jqxj-h53x-mpvf",
            "discovery": "UNKNOWN"
          },
          "title": "DataEase: Authenticated Stored XSS in DataEase Template Static Resources"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-49867",
        "datePublished": "2026-07-15T19:41:52.701Z",
        "dateReserved": "2026-06-01T22:03:19.641Z",
        "dateUpdated": "2026-07-15T19:41:52.701Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-46684 (GCVE-0-2026-46684)

    Vulnerability from nvd – Published: 2026-07-15 19:41 – Updated: 2026-07-15 19:41
    VLAI
    Title
    DataEase: Unauthorized Command Execution Vulnerability
    Summary
    DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase enterprise token handling can let TokenFilter#doFilter() pass X-DE-TOKEN values to TokenUtils.validate(), which checks only token presence and length before userBOByToken(token) uses JWT.decode() without signature verification, allowing forged tokens with chosen uid and oid values to be accepted when licenseValid=true. This issue is fixed in version 2.10.23.
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    Impacted products
    Vendor Product Version
    dataease dataease Affected: < 2.10.23
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "dataease",
              "vendor": "dataease",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.10.23"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase enterprise token handling can let TokenFilter#doFilter() pass X-DE-TOKEN values to TokenUtils.validate(), which checks only token presence and length before userBOByToken(token) uses JWT.decode() without signature verification, allowing forged tokens with chosen uid and oid values to be accepted when licenseValid=true. This issue is fixed in version 2.10.23."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 9.5,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347: Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T19:41:15.036Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/dataease/dataease/security/advisories/GHSA-gp6v-f7mm-458v",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/dataease/dataease/security/advisories/GHSA-gp6v-f7mm-458v"
            },
            {
              "name": "https://github.com/dataease/dataease/commit/3efda9d29c0df4300d43bb7874638e03060c3e2d",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/commit/3efda9d29c0df4300d43bb7874638e03060c3e2d"
            },
            {
              "name": "https://github.com/dataease/dataease/releases/tag/v2.10.23",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/releases/tag/v2.10.23"
            }
          ],
          "source": {
            "advisory": "GHSA-gp6v-f7mm-458v",
            "discovery": "UNKNOWN"
          },
          "title": "DataEase: Unauthorized Command Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-46684",
        "datePublished": "2026-07-15T19:41:15.036Z",
        "dateReserved": "2026-05-15T21:46:51.548Z",
        "dateUpdated": "2026-07-15T19:41:15.036Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-45535 (GCVE-0-2026-45535)

    Vulnerability from nvd – Published: 2026-07-15 19:39 – Updated: 2026-07-15 19:39
    VLAI
    Title
    DataEase: Stored SQL Injection Vulnerability
    Summary
    DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase SQL-type datasets store attacker-controlled SQL variable defaultValue entries such as ${var} and SqlparserUtils.handleVariableDefaultValue() inserts them with String.replace() without escaping or parameterization, causing stored SQL injection whenever a user with dataset read permission accesses the dataset. This issue is fixed in version 2.10.23.
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    dataease dataease Affected: < 2.10.23
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "dataease",
              "vendor": "dataease",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.10.23"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase SQL-type datasets store attacker-controlled SQL variable defaultValue entries such as ${var} and SqlparserUtils.handleVariableDefaultValue() inserts them with String.replace() without escaping or parameterization, causing stored SQL injection whenever a user with dataset read permission accesses the dataset. This issue is fixed in version 2.10.23."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T19:39:47.951Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/dataease/dataease/security/advisories/GHSA-pv23-p64m-4pxf",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/dataease/dataease/security/advisories/GHSA-pv23-p64m-4pxf"
            },
            {
              "name": "https://github.com/dataease/dataease/commit/22930a493d900fe3d8084b3dd4c0125abdb2a847",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/commit/22930a493d900fe3d8084b3dd4c0125abdb2a847"
            },
            {
              "name": "https://github.com/dataease/dataease/releases/tag/v2.10.23",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/releases/tag/v2.10.23"
            }
          ],
          "source": {
            "advisory": "GHSA-pv23-p64m-4pxf",
            "discovery": "UNKNOWN"
          },
          "title": "DataEase: Stored SQL Injection Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-45535",
        "datePublished": "2026-07-15T19:39:47.951Z",
        "dateReserved": "2026-05-12T17:48:47.878Z",
        "dateUpdated": "2026-07-15T19:39:47.951Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-45534 (GCVE-0-2026-45534)

    Vulnerability from nvd – Published: 2026-07-15 19:19 – Updated: 2026-07-15 19:19
    VLAI
    Title
    DataEase: RCE Vulnerability
    Summary
    DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase Redshift datasource connections can load attacker-controlled rsjdbc.ini configuration from System.getProperty("java.io.tmpdir"), setting socketFactory=org.springframework.context.support.FileSystemXmlApplicationContext so com.amazon.redshift.Driver#connect, com.amazon.redshift.Driver#getJdbcIniFile, and com.amazon.redshift.util.ObjectFactory#instantiate execute a reflection-based remote code execution chain during a normal JDBC connection through io.dataease.datasource.type.Redshift. This issue is fixed in version 2.10.23.
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    dataease dataease Affected: < 2.10.23
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "dataease",
              "vendor": "dataease",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.10.23"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase Redshift datasource connections can load attacker-controlled rsjdbc.ini configuration from System.getProperty(\"java.io.tmpdir\"), setting socketFactory=org.springframework.context.support.FileSystemXmlApplicationContext so com.amazon.redshift.Driver#connect, com.amazon.redshift.Driver#getJdbcIniFile, and com.amazon.redshift.util.ObjectFactory#instantiate execute a reflection-based remote code execution chain during a normal JDBC connection through io.dataease.datasource.type.Redshift. This issue is fixed in version 2.10.23."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T19:19:10.873Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/dataease/dataease/security/advisories/GHSA-cv4c-8rpv-2x97",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/dataease/dataease/security/advisories/GHSA-cv4c-8rpv-2x97"
            },
            {
              "name": "https://github.com/dataease/dataease/commit/3e58149f1e014b1a7ae2c12134b37ae438f676ac",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/commit/3e58149f1e014b1a7ae2c12134b37ae438f676ac"
            },
            {
              "name": "https://github.com/dataease/dataease/releases/tag/v2.10.23",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/releases/tag/v2.10.23"
            }
          ],
          "source": {
            "advisory": "GHSA-cv4c-8rpv-2x97",
            "discovery": "UNKNOWN"
          },
          "title": "DataEase: RCE Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-45534",
        "datePublished": "2026-07-15T19:19:10.873Z",
        "dateReserved": "2026-05-12T17:48:47.878Z",
        "dateUpdated": "2026-07-15T19:19:10.873Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-45533 (GCVE-0-2026-45533)

    Vulnerability from nvd – Published: 2026-07-15 19:39 – Updated: 2026-07-15 19:39
    VLAI
    Title
    DataEase: Path Traversal Vulnerability
    Summary
    DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase export-center deletion can accept path traversal sequences such as ../ in the bulk delete API endpoint and pass attacker-controlled identifiers to ExportCenterManage.delete, allowing recursive deletion of arbitrary server directories through export task cleanup. This issue is fixed in version 2.10.23.
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    dataease dataease Affected: < 2.10.23
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "dataease",
              "vendor": "dataease",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.10.23"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase export-center deletion can accept path traversal sequences such as ../ in the bulk delete API endpoint and pass attacker-controlled identifiers to ExportCenterManage.delete, allowing recursive deletion of arbitrary server directories through export task cleanup. This issue is fixed in version 2.10.23."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T19:39:08.658Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/dataease/dataease/security/advisories/GHSA-mwr5-hw6p-cqmg",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/dataease/dataease/security/advisories/GHSA-mwr5-hw6p-cqmg"
            },
            {
              "name": "https://github.com/dataease/dataease/commit/dba08037232cf4760fd9e9f36f4bef4e9330d041",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/commit/dba08037232cf4760fd9e9f36f4bef4e9330d041"
            },
            {
              "name": "https://github.com/dataease/dataease/releases/tag/v2.10.23",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/releases/tag/v2.10.23"
            }
          ],
          "source": {
            "advisory": "GHSA-mwr5-hw6p-cqmg",
            "discovery": "UNKNOWN"
          },
          "title": "DataEase: Path Traversal Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-45533",
        "datePublished": "2026-07-15T19:39:08.658Z",
        "dateReserved": "2026-05-12T17:48:47.878Z",
        "dateUpdated": "2026-07-15T19:39:08.658Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-45419 (GCVE-0-2026-45419)

    Vulnerability from nvd – Published: 2026-07-15 19:21 – Updated: 2026-07-15 19:21
    VLAI
    Title
    DataEase: Arbitrary File Write Vulnerability
    Summary
    DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase template saves call TemplateManageService#save, StaticResourceServer#saveFilesToServe, and the /de2api/templateManage/save endpoint with attacker-controlled staticResource names and Base64 content, allowing path traversal and arbitrary file writes because only / was used when extracting the file name. This issue is fixed in version 2.10.23.
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    dataease dataease Affected: < 2.10.23
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "dataease",
              "vendor": "dataease",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.10.23"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase template saves call TemplateManageService#save, StaticResourceServer#saveFilesToServe, and the /de2api/templateManage/save endpoint with attacker-controlled staticResource names and Base64 content, allowing path traversal and arbitrary file writes because only / was used when extracting the file name. This issue is fixed in version 2.10.23."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T19:21:46.596Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/dataease/dataease/security/advisories/GHSA-83fh-fgh3-g9f9",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/dataease/dataease/security/advisories/GHSA-83fh-fgh3-g9f9"
            },
            {
              "name": "https://github.com/dataease/dataease/commit/d34f413ef047bd275909d67310d200cbc8ae31ba",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/commit/d34f413ef047bd275909d67310d200cbc8ae31ba"
            },
            {
              "name": "https://github.com/dataease/dataease/releases/tag/v2.10.23",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/releases/tag/v2.10.23"
            }
          ],
          "source": {
            "advisory": "GHSA-83fh-fgh3-g9f9",
            "discovery": "UNKNOWN"
          },
          "title": "DataEase: Arbitrary File Write Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-45419",
        "datePublished": "2026-07-15T19:21:46.596Z",
        "dateReserved": "2026-05-12T01:48:40.453Z",
        "dateUpdated": "2026-07-15T19:21:46.596Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-45417 (GCVE-0-2026-45417)

    Vulnerability from nvd – Published: 2026-07-15 19:20 – Updated: 2026-07-15 19:20
    VLAI
    Title
    DataEase: SQL injection vulnerability
    Summary
    DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase datasource connection status checks concatenate configuration.getSchema() into getTablesSql and execute the resulting SQL with executeQuery in io.dataease.datasource.provider.CalciteProvider#checkStatus, allowing SQL injection against DB2, SQL Server, PostgreSQL, and other affected datasources. This issue is fixed in version 2.10.23.
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    dataease dataease Affected: < 2.10.23
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "dataease",
              "vendor": "dataease",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.10.23"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase datasource connection status checks concatenate configuration.getSchema() into getTablesSql and execute the resulting SQL with executeQuery in io.dataease.datasource.provider.CalciteProvider#checkStatus, allowing SQL injection against DB2, SQL Server, PostgreSQL, and other affected datasources. This issue is fixed in version 2.10.23."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T19:20:16.815Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/dataease/dataease/security/advisories/GHSA-rg6c-r9mv-39fr",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/dataease/dataease/security/advisories/GHSA-rg6c-r9mv-39fr"
            },
            {
              "name": "https://github.com/dataease/dataease/commit/f1c7204da1787ef812ee23cd3d51a1824126c1fb",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/commit/f1c7204da1787ef812ee23cd3d51a1824126c1fb"
            },
            {
              "name": "https://github.com/dataease/dataease/releases/tag/v2.10.23",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/releases/tag/v2.10.23"
            }
          ],
          "source": {
            "advisory": "GHSA-rg6c-r9mv-39fr",
            "discovery": "UNKNOWN"
          },
          "title": "DataEase: SQL injection vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-45417",
        "datePublished": "2026-07-15T19:20:16.815Z",
        "dateReserved": "2026-05-12T01:48:40.453Z",
        "dateUpdated": "2026-07-15T19:20:16.815Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-45320 (GCVE-0-2026-45320)

    Vulnerability from nvd – Published: 2026-07-15 19:40 – Updated: 2026-07-15 19:40
    VLAI
    Title
    DataEase Data Dashboard SqlVariable transFilter Unfiltered SQL Injection
    Summary
    DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase dashboard SQL variables such as ${deptId} are processed by SqlparserUtils.transFilter(), whose final branch returns raw user input for non-in and non-between operators before SubstitutedSql.replace("${var}", value) splices it into dashboard SQL, allowing authenticated users who can view a dashboard to inject SQL against integrated datasources. This issue is fixed in version 2.10.23
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    dataease dataease Affected: < 2.10.23
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "dataease",
              "vendor": "dataease",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.10.23"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase dashboard SQL variables such as ${deptId} are processed by SqlparserUtils.transFilter(), whose final branch returns raw user input for non-in and non-between operators before SubstitutedSql.replace(\"${var}\", value) splices it into dashboard SQL, allowing authenticated users who can view a dashboard to inject SQL against integrated datasources. This issue is fixed in version 2.10.23"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T19:40:28.311Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/dataease/dataease/security/advisories/GHSA-8vp9-9hx4-6458",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/dataease/dataease/security/advisories/GHSA-8vp9-9hx4-6458"
            },
            {
              "name": "https://github.com/dataease/dataease/commit/163d510c6935a4010727392f5a680a7dc15abb13",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/commit/163d510c6935a4010727392f5a680a7dc15abb13"
            },
            {
              "name": "https://github.com/dataease/dataease/releases/tag/v2.10.23",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/releases/tag/v2.10.23"
            }
          ],
          "source": {
            "advisory": "GHSA-8vp9-9hx4-6458",
            "discovery": "UNKNOWN"
          },
          "title": "DataEase Data Dashboard SqlVariable transFilter Unfiltered SQL Injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-45320",
        "datePublished": "2026-07-15T19:40:28.311Z",
        "dateReserved": "2026-05-11T20:50:30.539Z",
        "dateUpdated": "2026-07-15T19:40:28.311Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-57172 (GCVE-0-2026-57172)

    Vulnerability from nvd – Published: 2026-07-07 20:33 – Updated: 2026-07-08 13:37
    VLAI
    Title
    DataEase: Hardcoded JWT Signing Secret in ShareLink
    Summary
    DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, ShareSecretManage uses a hardcoded default share link signature key, allowing an attacker who can obtain a passwordless share for a resource and user to use the known key link-pwd-fit2cloud to forge linkToken JWTs, bypass TokenFilter verification, and access backend resources as the share creator even if the original share has been revoked. This issue is fixed in version 2.10.24.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-321 - Use of Hard-coded Cryptographic Key
    • CWE-798 - Use of Hard-coded Credentials
    Assigner
    References
    Impacted products
    Vendor Product Version
    dataease dataease Affected: < 2.10.24
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-57172",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T13:37:32.958637Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T13:37:38.831Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/dataease/dataease/security/advisories/GHSA-7cpg-f4cj-7pgm"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "dataease",
              "vendor": "dataease",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.10.24"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, ShareSecretManage uses a hardcoded default share link signature key, allowing an attacker who can obtain a passwordless share for a resource and user to use the known key link-pwd-fit2cloud to forge linkToken JWTs, bypass TokenFilter verification, and access backend resources as the share creator even if the original share has been revoked. This issue is fixed in version 2.10.24."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "LOW"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-321",
                  "description": "CWE-321: Use of Hard-coded Cryptographic Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-798",
                  "description": "CWE-798: Use of Hard-coded Credentials",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T20:33:26.555Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/dataease/dataease/security/advisories/GHSA-7cpg-f4cj-7pgm",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/dataease/dataease/security/advisories/GHSA-7cpg-f4cj-7pgm"
            },
            {
              "name": "https://github.com/dataease/dataease/commit/356e83b518603f5612104760ced80aae8fc5d675",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/commit/356e83b518603f5612104760ced80aae8fc5d675"
            }
          ],
          "source": {
            "advisory": "GHSA-7cpg-f4cj-7pgm",
            "discovery": "UNKNOWN"
          },
          "title": "DataEase: Hardcoded JWT Signing Secret in ShareLink"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-57172",
        "datePublished": "2026-07-07T20:33:26.555Z",
        "dateReserved": "2026-06-24T01:47:55.285Z",
        "dateUpdated": "2026-07-08T13:37:38.831Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55647 (GCVE-0-2026-55647)

    Vulnerability from nvd – Published: 2026-07-07 20:37 – Updated: 2026-07-08 13:50
    VLAI
    Title
    DataEase: authenticated stored XSS in the dashboard text components
    Summary
    DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, dashboard text components render stored component content with Vue v-html without server-side HTML sanitization, allowing an authenticated user who can edit dashboard component data to inject HTML with executable event handlers that execute when another user or shared-link visitor views the dashboard. This issue is fixed in version 2.10.24.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    dataease dataease Affected: < 2.10.24
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55647",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T13:50:15.562603Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T13:50:59.742Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/dataease/dataease/security/advisories/GHSA-4v63-24fg-pfg7"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "dataease",
              "vendor": "dataease",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.10.24"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, dashboard text components render stored component content with Vue v-html without server-side HTML sanitization, allowing an authenticated user who can edit dashboard component data to inject HTML with executable event handlers that execute when another user or shared-link visitor views the dashboard. This issue is fixed in version 2.10.24."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "LOW",
                "subIntegrityImpact": "LOW",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T20:37:54.884Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/dataease/dataease/security/advisories/GHSA-4v63-24fg-pfg7",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/dataease/dataease/security/advisories/GHSA-4v63-24fg-pfg7"
            },
            {
              "name": "https://github.com/dataease/dataease/commit/9565812980da781eda04c0a3632bf5dc8b0469f6",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/commit/9565812980da781eda04c0a3632bf5dc8b0469f6"
            },
            {
              "name": "https://github.com/dataease/dataease/commit/adab5f1e8954ff91830a3b2f052a42a139d978e1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/commit/adab5f1e8954ff91830a3b2f052a42a139d978e1"
            }
          ],
          "source": {
            "advisory": "GHSA-4v63-24fg-pfg7",
            "discovery": "UNKNOWN"
          },
          "title": "DataEase: authenticated stored XSS in the dashboard text components"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55647",
        "datePublished": "2026-07-07T20:37:54.884Z",
        "dateReserved": "2026-06-16T23:52:12.058Z",
        "dateUpdated": "2026-07-08T13:50:59.742Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55635 (GCVE-0-2026-55635)

    Vulnerability from nvd – Published: 2026-07-07 20:35 – Updated: 2026-07-09 14:42
    VLAI
    Title
    DataEase: Authenticated SQL Injection in Chart Quota Filters
    Summary
    DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, chart quota and Y-axis filters embed attacker-controlled filter values directly into generated SQL in Quota2SQLObj.getYWheres() without applying the SQL literal validation and escaping used by other filter paths, allowing an authenticated user who can create or modify chart definitions or submit chart data requests containing quota filters to inject SQL into queries executed against configured datasources. This issue is fixed in version 2.10.24.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    References
    Impacted products
    Vendor Product Version
    dataease dataease Affected: < 2.10.24
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55635",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T14:21:12.104328Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T14:42:27.348Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "dataease",
              "vendor": "dataease",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.10.24"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, chart quota and Y-axis filters embed attacker-controlled filter values directly into generated SQL in Quota2SQLObj.getYWheres() without applying the SQL literal validation and escaping used by other filter paths, allowing an authenticated user who can create or modify chart definitions or submit chart data requests containing quota filters to inject SQL into queries executed against configured datasources. This issue is fixed in version 2.10.24."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T20:35:43.173Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/dataease/dataease/security/advisories/GHSA-p758-rx6v-hc8g",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/dataease/dataease/security/advisories/GHSA-p758-rx6v-hc8g"
            },
            {
              "name": "https://github.com/dataease/dataease/commit/4463e21cb73d3d4bb8af89a0cb71ee403e4b808a",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/commit/4463e21cb73d3d4bb8af89a0cb71ee403e4b808a"
            }
          ],
          "source": {
            "advisory": "GHSA-p758-rx6v-hc8g",
            "discovery": "UNKNOWN"
          },
          "title": "DataEase: Authenticated SQL Injection in Chart Quota Filters"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55635",
        "datePublished": "2026-07-07T20:35:43.173Z",
        "dateReserved": "2026-06-16T23:52:12.056Z",
        "dateUpdated": "2026-07-09T14:42:27.348Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55633 (GCVE-0-2026-55633)

    Vulnerability from nvd – Published: 2026-07-07 20:27 – Updated: 2026-07-08 14:46
    VLAI
    Title
    DataEase H2 RCE via Zip Protocol & File Dropper Fix bypass
    Summary
    DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, a bypass of the H2 zip protocol and file dropper fix allows an authenticated attacker to upload a zip archive disguised with a .ttf extension through FontManage.saveFile and then exploit it through the zip protocol to achieve remote code execution. This issue is fixed in version 2.10.24.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Vendor Product Version
    dataease dataease Affected: < 2.10.24
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55633",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T14:45:59.007550Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T14:46:11.454Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/dataease/dataease/security/advisories/GHSA-8x36-774q-pwqg"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "dataease",
              "vendor": "dataease",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.10.24"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, a bypass of the H2 zip protocol and file dropper fix allows an authenticated attacker to upload a zip archive disguised with a .ttf extension through FontManage.saveFile and then exploit it through the zip protocol to achieve remote code execution. This issue is fixed in version 2.10.24."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T20:27:28.491Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/dataease/dataease/security/advisories/GHSA-8x36-774q-pwqg",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/dataease/dataease/security/advisories/GHSA-8x36-774q-pwqg"
            },
            {
              "name": "https://github.com/dataease/dataease/commit/265b31179f1427c059f739841f2e39aaa6d1b937",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/commit/265b31179f1427c059f739841f2e39aaa6d1b937"
            },
            {
              "name": "https://github.com/dataease/dataease/commit/8892a6945b0b7a329a156155270fae58afa895bc",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/commit/8892a6945b0b7a329a156155270fae58afa895bc"
            },
            {
              "name": "https://github.com/dataease/dataease/releases/tag/v2.10.24",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/releases/tag/v2.10.24"
            }
          ],
          "source": {
            "advisory": "GHSA-8x36-774q-pwqg",
            "discovery": "UNKNOWN"
          },
          "title": "DataEase H2 RCE via Zip Protocol \u0026 File Dropper Fix bypass"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55633",
        "datePublished": "2026-07-07T20:27:28.491Z",
        "dateReserved": "2026-06-16T23:52:12.056Z",
        "dateUpdated": "2026-07-08T14:46:11.454Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-55631 (GCVE-0-2026-55631)

    Vulnerability from nvd – Published: 2026-07-07 20:24 – Updated: 2026-07-08 12:55
    VLAI
    Title
    DataEase: Path Traversal Leading to Arbitrary File Deletion via Font Management
    Summary
    DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the font management module allows authenticated users to submit an arbitrary fileTransName when creating a font record; when the record is later deleted, the backend concatenates that stored value with the font storage directory and passes it to FileUtils.deleteFile() without path traversal sanitization, allowing deletion of arbitrary writable files in the application container. This issue is fixed in version 2.10.24.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    dataease dataease Affected: < 2.10.24
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-55631",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T12:55:13.912367Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T12:55:40.744Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/dataease/dataease/security/advisories/GHSA-r99p-w8fc-93g6"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "dataease",
              "vendor": "dataease",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.10.24"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the font management module allows authenticated users to submit an arbitrary fileTransName when creating a font record; when the record is later deleted, the backend concatenates that stored value with the font storage directory and passes it to FileUtils.deleteFile() without path traversal sanitization, allowing deletion of arbitrary writable files in the application container. This issue is fixed in version 2.10.24."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T20:24:56.074Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/dataease/dataease/security/advisories/GHSA-r99p-w8fc-93g6",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/dataease/dataease/security/advisories/GHSA-r99p-w8fc-93g6"
            },
            {
              "name": "https://github.com/dataease/dataease/commit/8892a6945b0b7a329a156155270fae58afa895bc",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/commit/8892a6945b0b7a329a156155270fae58afa895bc"
            },
            {
              "name": "https://github.com/dataease/dataease/releases/tag/v2.10.24",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/releases/tag/v2.10.24"
            }
          ],
          "source": {
            "advisory": "GHSA-r99p-w8fc-93g6",
            "discovery": "UNKNOWN"
          },
          "title": "DataEase: Path Traversal Leading to Arbitrary File Deletion via Font Management"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-55631",
        "datePublished": "2026-07-07T20:24:56.074Z",
        "dateReserved": "2026-06-16T23:52:12.056Z",
        "dateUpdated": "2026-07-08T12:55:40.744Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-53751 (GCVE-0-2026-53751)

    Vulnerability from nvd – Published: 2026-07-07 20:31 – Updated: 2026-07-08 13:49
    VLAI
    Title
    DataEase: H2 JDBC URL Filter Bypass Leads to Remote Code Execution (RCE)
    Summary
    DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the H2 database JDBC URL validation logic can be bypassed with special Unicode characters whose case-conversion behavior differs between DataEase validation and H2 parsing, allowing attackers to smuggle dangerous parameters such as init in malicious H2 JDBC connection strings and achieve arbitrary code execution. This issue is fixed in version 2.10.24.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    dataease dataease Affected: < 2.10.24
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-53751",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T13:48:50.317866Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T13:49:16.880Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/dataease/dataease/security/advisories/GHSA-xjhm-r8p8-c2cg"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "dataease",
              "vendor": "dataease",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.10.24"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the H2 database JDBC URL validation logic can be bypassed with special Unicode characters whose case-conversion behavior differs between DataEase validation and H2 parsing, allowing attackers to smuggle dangerous parameters such as init in malicious H2 JDBC connection strings and achieve arbitrary code execution. This issue is fixed in version 2.10.24."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T20:31:12.180Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/dataease/dataease/security/advisories/GHSA-xjhm-r8p8-c2cg",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/dataease/dataease/security/advisories/GHSA-xjhm-r8p8-c2cg"
            },
            {
              "name": "https://github.com/dataease/dataease/commit/2204258118eac6160a6636ca20dbedb0d3f95747",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/commit/2204258118eac6160a6636ca20dbedb0d3f95747"
            },
            {
              "name": "https://github.com/dataease/dataease/releases/tag/v2.10.24",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/releases/tag/v2.10.24"
            }
          ],
          "source": {
            "advisory": "GHSA-xjhm-r8p8-c2cg",
            "discovery": "UNKNOWN"
          },
          "title": "DataEase: H2 JDBC URL Filter Bypass Leads to Remote Code Execution (RCE)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-53751",
        "datePublished": "2026-07-07T20:31:12.180Z",
        "dateReserved": "2026-06-10T17:48:40.545Z",
        "dateUpdated": "2026-07-08T13:49:16.880Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-53730 (GCVE-0-2026-53730)

    Vulnerability from nvd – Published: 2026-07-07 20:29 – Updated: 2026-07-09 14:42
    VLAI
    Title
    DataEase: Unauthorized Access to Engine Database via previewSql Endpoint
    Summary
    DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the /de2api/datasetData/previewSql endpoint lacks the mandatory @DePermit permission validation annotation, allowing any authenticated user to specify datasourceId=-1, access the built-in engine database, execute arbitrary SQL statements, and read sensitive core data. This issue is fixed in version 2.10.24.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    dataease dataease Affected: < 2.10.24
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-53730",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T14:21:13.495690Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T14:42:33.726Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "dataease",
              "vendor": "dataease",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.10.24"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the /de2api/datasetData/previewSql endpoint lacks the mandatory @DePermit permission validation annotation, allowing any authenticated user to specify datasourceId=-1, access the built-in engine database, execute arbitrary SQL statements, and read sensitive core data. This issue is fixed in version 2.10.24."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862: Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T20:29:19.728Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/dataease/dataease/security/advisories/GHSA-2jmq-vffm-4qmj",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/dataease/dataease/security/advisories/GHSA-2jmq-vffm-4qmj"
            },
            {
              "name": "https://github.com/dataease/dataease/commit/7b47af38b8fa017c9eecb00a4a49264663189e7b",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/commit/7b47af38b8fa017c9eecb00a4a49264663189e7b"
            }
          ],
          "source": {
            "advisory": "GHSA-2jmq-vffm-4qmj",
            "discovery": "UNKNOWN"
          },
          "title": "DataEase: Unauthorized Access to Engine Database via previewSql Endpoint"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-53730",
        "datePublished": "2026-07-07T20:29:19.728Z",
        "dateReserved": "2026-06-10T16:43:31.242Z",
        "dateUpdated": "2026-07-09T14:42:33.726Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-53729 (GCVE-0-2026-53729)

    Vulnerability from nvd – Published: 2026-07-07 20:23 – Updated: 2026-07-08 14:49
    VLAI
    Title
    DataEase ExportCenter IDOR allows cross-user export task access
    Summary
    DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, any authenticated user can download (/exportCenter/download/{id}), delete (/exportCenter/delete), retry (/exportCenter/retry/{id}), or generate download links (/exportCenter/generateDownloadUri/{id}) for export tasks belonging to other users by manipulating the task ID parameter, and the /exportCenter/download/{id} endpoint is whitelisted from authentication, allowing unauthenticated access to exported files. This issue is fixed in version 2.10.24.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    Impacted products
    Vendor Product Version
    dataease dataease Affected: < 2.10.24
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-53729",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T14:49:52.215818Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T14:49:59.141Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "dataease",
              "vendor": "dataease",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.10.24"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, any authenticated user can download (/exportCenter/download/{id}), delete (/exportCenter/delete), retry (/exportCenter/retry/{id}), or generate download links (/exportCenter/generateDownloadUri/{id}) for export tasks belonging to other users by manipulating the task ID parameter, and the /exportCenter/download/{id} endpoint is whitelisted from authentication, allowing unauthenticated access to exported files. This issue is fixed in version 2.10.24."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639: Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T20:23:08.560Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/dataease/dataease/security/advisories/GHSA-9423-78gr-xjj5",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/dataease/dataease/security/advisories/GHSA-9423-78gr-xjj5"
            },
            {
              "name": "https://github.com/dataease/dataease/commit/57e90bdcc21c3fa2ec57184671603ad88a5b941b",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/commit/57e90bdcc21c3fa2ec57184671603ad88a5b941b"
            },
            {
              "name": "https://github.com/dataease/dataease/releases/tag/v2.10.24",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/releases/tag/v2.10.24"
            }
          ],
          "source": {
            "advisory": "GHSA-9423-78gr-xjj5",
            "discovery": "UNKNOWN"
          },
          "title": "DataEase ExportCenter IDOR allows cross-user export task access"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-53729",
        "datePublished": "2026-07-07T20:23:08.560Z",
        "dateReserved": "2026-06-10T16:43:31.242Z",
        "dateUpdated": "2026-07-08T14:49:59.141Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50530 (GCVE-0-2026-50530)

    Vulnerability from nvd – Published: 2026-07-07 20:41 – Updated: 2026-07-08 13:57
    VLAI
    Title
    DataEase: Token with Overly Broad Privileges in Share Mode: Access to Unshared Datasets
    Summary
    DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, a share mode chart data interface only validates that sceneId matches the resourceId in the link token and fails to validate whether tableId and field IDs in the request body belong to the shared resource, allowing an attacker with a valid share link token to replace dataset identifiers and retrieve unauthorized data through POST /de2api/chartData/getData. This issue is fixed in version 2.10.24.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-639 - Authorization Bypass Through User-Controlled Key
    Assigner
    Impacted products
    Vendor Product Version
    dataease dataease Affected: < 2.10.24
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50530",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T13:54:45.493386Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T13:57:27.568Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/dataease/dataease/security/advisories/GHSA-qcf4-345v-6vg9"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "dataease",
              "vendor": "dataease",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.10.24"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, a share mode chart data interface only validates that sceneId matches the resourceId in the link token and fails to validate whether tableId and field IDs in the request body belong to the shared resource, allowing an attacker with a valid share link token to replace dataset identifiers and retrieve unauthorized data through POST /de2api/chartData/getData. This issue is fixed in version 2.10.24."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-639",
                  "description": "CWE-639: Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T20:41:07.576Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/dataease/dataease/security/advisories/GHSA-qcf4-345v-6vg9",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/dataease/dataease/security/advisories/GHSA-qcf4-345v-6vg9"
            },
            {
              "name": "https://github.com/dataease/dataease/commit/c4e85a981e53c95b1ea73757db31e3025efdc410",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/commit/c4e85a981e53c95b1ea73757db31e3025efdc410"
            },
            {
              "name": "https://github.com/dataease/dataease/releases/tag/v2.10.24",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/releases/tag/v2.10.24"
            }
          ],
          "source": {
            "advisory": "GHSA-qcf4-345v-6vg9",
            "discovery": "UNKNOWN"
          },
          "title": "DataEase: Token with Overly Broad Privileges in Share Mode: Access to Unshared Datasets"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-50530",
        "datePublished": "2026-07-07T20:41:07.576Z",
        "dateReserved": "2026-06-04T20:37:18.652Z",
        "dateUpdated": "2026-07-08T13:57:27.568Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50529 (GCVE-0-2026-50529)

    Vulnerability from nvd – Published: 2026-07-07 20:39 – Updated: 2026-07-08 13:14
    VLAI
    Title
    DataEase: Link Token Leakage Prior to Share Password/Ticket Validation
    Summary
    DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the /de2api/share/proxyInfo share interface generates and returns X-DE-LINK-TOKEN before validating the share password or ticket, allowing unauthenticated attackers who know a protected share UUID to obtain a valid link token for subsequent share-related API calls even with missing or invalid credentials. This issue is fixed in version 2.10.24.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-863 - Incorrect Authorization
    Assigner
    Impacted products
    Vendor Product Version
    dataease dataease Affected: < 2.10.24
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-50529",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-08T13:13:30.348616Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-08T13:14:13.484Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/dataease/dataease/security/advisories/GHSA-7287-qqj9-phr6"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "dataease",
              "vendor": "dataease",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.10.24"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the /de2api/share/proxyInfo share interface generates and returns X-DE-LINK-TOKEN before validating the share password or ticket, allowing unauthenticated attackers who know a protected share UUID to obtain a valid link token for subsequent share-related API calls even with missing or invalid credentials. This issue is fixed in version 2.10.24."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-863",
                  "description": "CWE-863: Incorrect Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-07T20:39:23.727Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/dataease/dataease/security/advisories/GHSA-7287-qqj9-phr6",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/dataease/dataease/security/advisories/GHSA-7287-qqj9-phr6"
            },
            {
              "name": "https://github.com/dataease/dataease/commit/c4e85a981e53c95b1ea73757db31e3025efdc410",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/commit/c4e85a981e53c95b1ea73757db31e3025efdc410"
            },
            {
              "name": "https://github.com/dataease/dataease/releases/tag/v2.10.24",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/releases/tag/v2.10.24"
            }
          ],
          "source": {
            "advisory": "GHSA-7287-qqj9-phr6",
            "discovery": "UNKNOWN"
          },
          "title": "DataEase: Link Token Leakage Prior to Share Password/Ticket Validation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-50529",
        "datePublished": "2026-07-07T20:39:23.727Z",
        "dateReserved": "2026-06-04T20:37:18.652Z",
        "dateUpdated": "2026-07-08T13:14:13.484Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-49867 (GCVE-0-2026-49867)

    Vulnerability from cvelistv5 – Published: 2026-07-15 19:41 – Updated: 2026-07-15 19:41
    VLAI
    Title
    DataEase: Authenticated Stored XSS in DataEase Template Static Resources
    Summary
    DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase template static resources let authenticated users submit TemplateManageRequest.staticResource through POST /de2api/templateManage/save or DataVisualizationServer.decompression, after which StaticResourceServer.saveFilesToServe and StaticResourceServer.saveSingleFileToServe write Base64-decoded .svg content to /de2api/static-resource/<name>.svg without validating extension, MIME type, decoded bytes, or SVG scriptability, causing stored same-origin cross-site scripting when a victim loads the resource. This issue is fixed in version 2.10.23.
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    dataease dataease Affected: < 2.10.23
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "dataease",
              "vendor": "dataease",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.10.23"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase template static resources let authenticated users submit TemplateManageRequest.staticResource through POST /de2api/templateManage/save or DataVisualizationServer.decompression, after which StaticResourceServer.saveFilesToServe and StaticResourceServer.saveSingleFileToServe write Base64-decoded .svg content to /de2api/static-resource/\u003cname\u003e.svg without validating extension, MIME type, decoded bytes, or SVG scriptability, causing stored same-origin cross-site scripting when a victim loads the resource. This issue is fixed in version 2.10.23."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "PASSIVE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:H/SI:H/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T19:41:52.701Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/dataease/dataease/security/advisories/GHSA-jqxj-h53x-mpvf",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/dataease/dataease/security/advisories/GHSA-jqxj-h53x-mpvf"
            },
            {
              "name": "https://github.com/dataease/dataease/commit/b00d9e3a73a9653bfc3ea0c41c0c3a5b0dd40bf8",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/commit/b00d9e3a73a9653bfc3ea0c41c0c3a5b0dd40bf8"
            },
            {
              "name": "https://github.com/dataease/dataease/releases/tag/v2.10.23",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/releases/tag/v2.10.23"
            }
          ],
          "source": {
            "advisory": "GHSA-jqxj-h53x-mpvf",
            "discovery": "UNKNOWN"
          },
          "title": "DataEase: Authenticated Stored XSS in DataEase Template Static Resources"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-49867",
        "datePublished": "2026-07-15T19:41:52.701Z",
        "dateReserved": "2026-06-01T22:03:19.641Z",
        "dateUpdated": "2026-07-15T19:41:52.701Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-46684 (GCVE-0-2026-46684)

    Vulnerability from cvelistv5 – Published: 2026-07-15 19:41 – Updated: 2026-07-15 19:41
    VLAI
    Title
    DataEase: Unauthorized Command Execution Vulnerability
    Summary
    DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase enterprise token handling can let TokenFilter#doFilter() pass X-DE-TOKEN values to TokenUtils.validate(), which checks only token presence and length before userBOByToken(token) uses JWT.decode() without signature verification, allowing forged tokens with chosen uid and oid values to be accepted when licenseValid=true. This issue is fixed in version 2.10.23.
    CWE
    • CWE-347 - Improper Verification of Cryptographic Signature
    Assigner
    Impacted products
    Vendor Product Version
    dataease dataease Affected: < 2.10.23
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "dataease",
              "vendor": "dataease",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.10.23"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase enterprise token handling can let TokenFilter#doFilter() pass X-DE-TOKEN values to TokenUtils.validate(), which checks only token presence and length before userBOByToken(token) uses JWT.decode() without signature verification, allowing forged tokens with chosen uid and oid values to be accepted when licenseValid=true. This issue is fixed in version 2.10.23."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 9.5,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-347",
                  "description": "CWE-347: Improper Verification of Cryptographic Signature",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T19:41:15.036Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/dataease/dataease/security/advisories/GHSA-gp6v-f7mm-458v",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/dataease/dataease/security/advisories/GHSA-gp6v-f7mm-458v"
            },
            {
              "name": "https://github.com/dataease/dataease/commit/3efda9d29c0df4300d43bb7874638e03060c3e2d",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/commit/3efda9d29c0df4300d43bb7874638e03060c3e2d"
            },
            {
              "name": "https://github.com/dataease/dataease/releases/tag/v2.10.23",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/releases/tag/v2.10.23"
            }
          ],
          "source": {
            "advisory": "GHSA-gp6v-f7mm-458v",
            "discovery": "UNKNOWN"
          },
          "title": "DataEase: Unauthorized Command Execution Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-46684",
        "datePublished": "2026-07-15T19:41:15.036Z",
        "dateReserved": "2026-05-15T21:46:51.548Z",
        "dateUpdated": "2026-07-15T19:41:15.036Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-45320 (GCVE-0-2026-45320)

    Vulnerability from cvelistv5 – Published: 2026-07-15 19:40 – Updated: 2026-07-15 19:40
    VLAI
    Title
    DataEase Data Dashboard SqlVariable transFilter Unfiltered SQL Injection
    Summary
    DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase dashboard SQL variables such as ${deptId} are processed by SqlparserUtils.transFilter(), whose final branch returns raw user input for non-in and non-between operators before SubstitutedSql.replace("${var}", value) splices it into dashboard SQL, allowing authenticated users who can view a dashboard to inject SQL against integrated datasources. This issue is fixed in version 2.10.23
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    dataease dataease Affected: < 2.10.23
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "dataease",
              "vendor": "dataease",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.10.23"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase dashboard SQL variables such as ${deptId} are processed by SqlparserUtils.transFilter(), whose final branch returns raw user input for non-in and non-between operators before SubstitutedSql.replace(\"${var}\", value) splices it into dashboard SQL, allowing authenticated users who can view a dashboard to inject SQL against integrated datasources. This issue is fixed in version 2.10.23"
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T19:40:28.311Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/dataease/dataease/security/advisories/GHSA-8vp9-9hx4-6458",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/dataease/dataease/security/advisories/GHSA-8vp9-9hx4-6458"
            },
            {
              "name": "https://github.com/dataease/dataease/commit/163d510c6935a4010727392f5a680a7dc15abb13",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/commit/163d510c6935a4010727392f5a680a7dc15abb13"
            },
            {
              "name": "https://github.com/dataease/dataease/releases/tag/v2.10.23",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/releases/tag/v2.10.23"
            }
          ],
          "source": {
            "advisory": "GHSA-8vp9-9hx4-6458",
            "discovery": "UNKNOWN"
          },
          "title": "DataEase Data Dashboard SqlVariable transFilter Unfiltered SQL Injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-45320",
        "datePublished": "2026-07-15T19:40:28.311Z",
        "dateReserved": "2026-05-11T20:50:30.539Z",
        "dateUpdated": "2026-07-15T19:40:28.311Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-45535 (GCVE-0-2026-45535)

    Vulnerability from cvelistv5 – Published: 2026-07-15 19:39 – Updated: 2026-07-15 19:39
    VLAI
    Title
    DataEase: Stored SQL Injection Vulnerability
    Summary
    DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase SQL-type datasets store attacker-controlled SQL variable defaultValue entries such as ${var} and SqlparserUtils.handleVariableDefaultValue() inserts them with String.replace() without escaping or parameterization, causing stored SQL injection whenever a user with dataset read permission accesses the dataset. This issue is fixed in version 2.10.23.
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    dataease dataease Affected: < 2.10.23
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "dataease",
              "vendor": "dataease",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.10.23"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase SQL-type datasets store attacker-controlled SQL variable defaultValue entries such as ${var} and SqlparserUtils.handleVariableDefaultValue() inserts them with String.replace() without escaping or parameterization, causing stored SQL injection whenever a user with dataset read permission accesses the dataset. This issue is fixed in version 2.10.23."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T19:39:47.951Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/dataease/dataease/security/advisories/GHSA-pv23-p64m-4pxf",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/dataease/dataease/security/advisories/GHSA-pv23-p64m-4pxf"
            },
            {
              "name": "https://github.com/dataease/dataease/commit/22930a493d900fe3d8084b3dd4c0125abdb2a847",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/commit/22930a493d900fe3d8084b3dd4c0125abdb2a847"
            },
            {
              "name": "https://github.com/dataease/dataease/releases/tag/v2.10.23",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/releases/tag/v2.10.23"
            }
          ],
          "source": {
            "advisory": "GHSA-pv23-p64m-4pxf",
            "discovery": "UNKNOWN"
          },
          "title": "DataEase: Stored SQL Injection Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-45535",
        "datePublished": "2026-07-15T19:39:47.951Z",
        "dateReserved": "2026-05-12T17:48:47.878Z",
        "dateUpdated": "2026-07-15T19:39:47.951Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-45533 (GCVE-0-2026-45533)

    Vulnerability from cvelistv5 – Published: 2026-07-15 19:39 – Updated: 2026-07-15 19:39
    VLAI
    Title
    DataEase: Path Traversal Vulnerability
    Summary
    DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase export-center deletion can accept path traversal sequences such as ../ in the bulk delete API endpoint and pass attacker-controlled identifiers to ExportCenterManage.delete, allowing recursive deletion of arbitrary server directories through export task cleanup. This issue is fixed in version 2.10.23.
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    dataease dataease Affected: < 2.10.23
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "dataease",
              "vendor": "dataease",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.10.23"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase export-center deletion can accept path traversal sequences such as ../ in the bulk delete API endpoint and pass attacker-controlled identifiers to ExportCenterManage.delete, allowing recursive deletion of arbitrary server directories through export task cleanup. This issue is fixed in version 2.10.23."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.3,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T19:39:08.658Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/dataease/dataease/security/advisories/GHSA-mwr5-hw6p-cqmg",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/dataease/dataease/security/advisories/GHSA-mwr5-hw6p-cqmg"
            },
            {
              "name": "https://github.com/dataease/dataease/commit/dba08037232cf4760fd9e9f36f4bef4e9330d041",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/commit/dba08037232cf4760fd9e9f36f4bef4e9330d041"
            },
            {
              "name": "https://github.com/dataease/dataease/releases/tag/v2.10.23",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/releases/tag/v2.10.23"
            }
          ],
          "source": {
            "advisory": "GHSA-mwr5-hw6p-cqmg",
            "discovery": "UNKNOWN"
          },
          "title": "DataEase: Path Traversal Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-45533",
        "datePublished": "2026-07-15T19:39:08.658Z",
        "dateReserved": "2026-05-12T17:48:47.878Z",
        "dateUpdated": "2026-07-15T19:39:08.658Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50124 (GCVE-0-2026-50124)

    Vulnerability from cvelistv5 – Published: 2026-07-15 19:38 – Updated: 2026-07-15 19:38
    VLAI
    Title
    DataEase: Remote Code Execution (RCE) via Zip Protocol & File Dropper
    Summary
    DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase can be exploited by uploading payload.zip through the Excel upload API /datasource/upload, creating an H2 datasource that uses the zip: protocol, and executing an SQL dataset path where CalciteProvider.jdbcFetchResultField calls statement.executeQuery(), causing precompiled Java aliases in test.mv.db to execute arbitrary code. This issue is fixed in version 2.10.23.
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Vendor Product Version
    dataease dataease Affected: < 2.10.23
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "dataease",
              "vendor": "dataease",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.10.23"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase can be exploited by uploading payload.zip through the Excel upload API /datasource/upload, creating an H2 datasource that uses the zip: protocol, and executing an SQL dataset path where CalciteProvider.jdbcFetchResultField calls statement.executeQuery(), causing precompiled Java aliases in test.mv.db to execute arbitrary code. This issue is fixed in version 2.10.23."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T19:38:14.211Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/dataease/dataease/security/advisories/GHSA-cjmg-jqmc-xj5v",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/dataease/dataease/security/advisories/GHSA-cjmg-jqmc-xj5v"
            },
            {
              "name": "https://github.com/dataease/dataease/commit/304104d70e27a97f8909981f56209edc117dc285",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/commit/304104d70e27a97f8909981f56209edc117dc285"
            },
            {
              "name": "https://github.com/dataease/dataease/commit/a7bffa795cb0ca041dce0effe68479cf3bf13db1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/commit/a7bffa795cb0ca041dce0effe68479cf3bf13db1"
            },
            {
              "name": "https://github.com/dataease/dataease/releases/tag/v2.10.23",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/releases/tag/v2.10.23"
            }
          ],
          "source": {
            "advisory": "GHSA-cjmg-jqmc-xj5v",
            "discovery": "UNKNOWN"
          },
          "title": "DataEase: Remote Code Execution (RCE) via Zip Protocol \u0026 File Dropper"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-50124",
        "datePublished": "2026-07-15T19:38:14.211Z",
        "dateReserved": "2026-06-03T18:49:32.274Z",
        "dateUpdated": "2026-07-15T19:38:14.211Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-50030 (GCVE-0-2026-50030)

    Vulnerability from cvelistv5 – Published: 2026-07-15 19:24 – Updated: 2026-07-15 19:24
    VLAI
    Title
    DataEase: Arbitrary SQL execution in preview path (direct data disclosure)
    Summary
    DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase SQL preview exposes DatasetDataApi.previewSql/previewSqlCheck through /de2api/datasetData/previewSql, accepts PreviewSqlDTO.sql, PreviewSqlDTO.datasourceId, and PreviewSqlDTO.isCross, then DatasetDataManage.previewSql stores decoded SQL in datasourceRequest.query and CalciteProvider.fetchResultField executes it with prepareStatement(...).executeQuery(), allowing arbitrary readable datasource tables to be queried and returned in preview responses. This issue is fixed in version 2.10.23.
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    dataease dataease Affected: < 2.10.23
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "dataease",
              "vendor": "dataease",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.10.23"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase SQL preview exposes DatasetDataApi.previewSql/previewSqlCheck through /de2api/datasetData/previewSql, accepts PreviewSqlDTO.sql, PreviewSqlDTO.datasourceId, and PreviewSqlDTO.isCross, then DatasetDataManage.previewSql stores decoded SQL in datasourceRequest.query and CalciteProvider.fetchResultField executes it with prepareStatement(...).executeQuery(), allowing arbitrary readable datasource tables to be queried and returned in preview responses. This issue is fixed in version 2.10.23."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T19:24:51.531Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/dataease/dataease/security/advisories/GHSA-j4v5-5gcx-cvfc",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/dataease/dataease/security/advisories/GHSA-j4v5-5gcx-cvfc"
            },
            {
              "name": "https://github.com/dataease/dataease/commit/22930a493d900fe3d8084b3dd4c0125abdb2a847",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/commit/22930a493d900fe3d8084b3dd4c0125abdb2a847"
            },
            {
              "name": "https://github.com/dataease/dataease/releases/tag/v2.10.23",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/releases/tag/v2.10.23"
            }
          ],
          "source": {
            "advisory": "GHSA-j4v5-5gcx-cvfc",
            "discovery": "UNKNOWN"
          },
          "title": "DataEase: Arbitrary SQL execution in preview path (direct data disclosure)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-50030",
        "datePublished": "2026-07-15T19:24:51.531Z",
        "dateReserved": "2026-06-02T22:46:02.580Z",
        "dateUpdated": "2026-07-15T19:24:51.531Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-45419 (GCVE-0-2026-45419)

    Vulnerability from cvelistv5 – Published: 2026-07-15 19:21 – Updated: 2026-07-15 19:21
    VLAI
    Title
    DataEase: Arbitrary File Write Vulnerability
    Summary
    DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase template saves call TemplateManageService#save, StaticResourceServer#saveFilesToServe, and the /de2api/templateManage/save endpoint with attacker-controlled staticResource names and Base64 content, allowing path traversal and arbitrary file writes because only / was used when extracting the file name. This issue is fixed in version 2.10.23.
    CWE
    • CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
    Assigner
    Impacted products
    Vendor Product Version
    dataease dataease Affected: < 2.10.23
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "dataease",
              "vendor": "dataease",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.10.23"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase template saves call TemplateManageService#save, StaticResourceServer#saveFilesToServe, and the /de2api/templateManage/save endpoint with attacker-controlled staticResource names and Base64 content, allowing path traversal and arbitrary file writes because only / was used when extracting the file name. This issue is fixed in version 2.10.23."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.5,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-22",
                  "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T19:21:46.596Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/dataease/dataease/security/advisories/GHSA-83fh-fgh3-g9f9",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/dataease/dataease/security/advisories/GHSA-83fh-fgh3-g9f9"
            },
            {
              "name": "https://github.com/dataease/dataease/commit/d34f413ef047bd275909d67310d200cbc8ae31ba",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/commit/d34f413ef047bd275909d67310d200cbc8ae31ba"
            },
            {
              "name": "https://github.com/dataease/dataease/releases/tag/v2.10.23",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/releases/tag/v2.10.23"
            }
          ],
          "source": {
            "advisory": "GHSA-83fh-fgh3-g9f9",
            "discovery": "UNKNOWN"
          },
          "title": "DataEase: Arbitrary File Write Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-45419",
        "datePublished": "2026-07-15T19:21:46.596Z",
        "dateReserved": "2026-05-12T01:48:40.453Z",
        "dateUpdated": "2026-07-15T19:21:46.596Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-45417 (GCVE-0-2026-45417)

    Vulnerability from cvelistv5 – Published: 2026-07-15 19:20 – Updated: 2026-07-15 19:20
    VLAI
    Title
    DataEase: SQL injection vulnerability
    Summary
    DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase datasource connection status checks concatenate configuration.getSchema() into getTablesSql and execute the resulting SQL with executeQuery in io.dataease.datasource.provider.CalciteProvider#checkStatus, allowing SQL injection against DB2, SQL Server, PostgreSQL, and other affected datasources. This issue is fixed in version 2.10.23.
    CWE
    • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
    Assigner
    Impacted products
    Vendor Product Version
    dataease dataease Affected: < 2.10.23
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "dataease",
              "vendor": "dataease",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.10.23"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase datasource connection status checks concatenate configuration.getSchema() into getTablesSql and execute the resulting SQL with executeQuery in io.dataease.datasource.provider.CalciteProvider#checkStatus, allowing SQL injection against DB2, SQL Server, PostgreSQL, and other affected datasources. This issue is fixed in version 2.10.23."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T19:20:16.815Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/dataease/dataease/security/advisories/GHSA-rg6c-r9mv-39fr",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/dataease/dataease/security/advisories/GHSA-rg6c-r9mv-39fr"
            },
            {
              "name": "https://github.com/dataease/dataease/commit/f1c7204da1787ef812ee23cd3d51a1824126c1fb",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/commit/f1c7204da1787ef812ee23cd3d51a1824126c1fb"
            },
            {
              "name": "https://github.com/dataease/dataease/releases/tag/v2.10.23",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/releases/tag/v2.10.23"
            }
          ],
          "source": {
            "advisory": "GHSA-rg6c-r9mv-39fr",
            "discovery": "UNKNOWN"
          },
          "title": "DataEase: SQL injection vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-45417",
        "datePublished": "2026-07-15T19:20:16.815Z",
        "dateReserved": "2026-05-12T01:48:40.453Z",
        "dateUpdated": "2026-07-15T19:20:16.815Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-45534 (GCVE-0-2026-45534)

    Vulnerability from cvelistv5 – Published: 2026-07-15 19:19 – Updated: 2026-07-15 19:19
    VLAI
    Title
    DataEase: RCE Vulnerability
    Summary
    DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase Redshift datasource connections can load attacker-controlled rsjdbc.ini configuration from System.getProperty("java.io.tmpdir"), setting socketFactory=org.springframework.context.support.FileSystemXmlApplicationContext so com.amazon.redshift.Driver#connect, com.amazon.redshift.Driver#getJdbcIniFile, and com.amazon.redshift.util.ObjectFactory#instantiate execute a reflection-based remote code execution chain during a normal JDBC connection through io.dataease.datasource.type.Redshift. This issue is fixed in version 2.10.23.
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Vendor Product Version
    dataease dataease Affected: < 2.10.23
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "product": "dataease",
              "vendor": "dataease",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 2.10.23"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase Redshift datasource connections can load attacker-controlled rsjdbc.ini configuration from System.getProperty(\"java.io.tmpdir\"), setting socketFactory=org.springframework.context.support.FileSystemXmlApplicationContext so com.amazon.redshift.Driver#connect, com.amazon.redshift.Driver#getJdbcIniFile, and com.amazon.redshift.util.ObjectFactory#instantiate execute a reflection-based remote code execution chain during a normal JDBC connection through io.dataease.datasource.type.Redshift. This issue is fixed in version 2.10.23."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "HIGH",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 9,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "LOW",
                "subAvailabilityImpact": "HIGH",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "HIGH",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "HIGH"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-15T19:19:10.873Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/dataease/dataease/security/advisories/GHSA-cv4c-8rpv-2x97",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/dataease/dataease/security/advisories/GHSA-cv4c-8rpv-2x97"
            },
            {
              "name": "https://github.com/dataease/dataease/commit/3e58149f1e014b1a7ae2c12134b37ae438f676ac",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/commit/3e58149f1e014b1a7ae2c12134b37ae438f676ac"
            },
            {
              "name": "https://github.com/dataease/dataease/releases/tag/v2.10.23",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/dataease/dataease/releases/tag/v2.10.23"
            }
          ],
          "source": {
            "advisory": "GHSA-cv4c-8rpv-2x97",
            "discovery": "UNKNOWN"
          },
          "title": "DataEase: RCE Vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-45534",
        "datePublished": "2026-07-15T19:19:10.873Z",
        "dateReserved": "2026-05-12T17:48:47.878Z",
        "dateUpdated": "2026-07-15T19:19:10.873Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }