Remote Code Execution Vulnerability in DataEase Data Visualization Platform
CVE-2026-40901

7.5 HIGH

Key Information:

Vendor: Dataease

Status
Vendor
CVE Published: 16 April 2026

What is CVE-2026-40901?

DataEase, a data visualization and analytics platform, is vulnerable to remote code execution because it bundles legacy libraries that lack proper deserialization filtering. In versions 2.10.20 and below, an authenticated attacker who is able to modify Quartz job data can insert a crafted payload into the job's data, which triggers arbitrary code execution when the job is activated. The issue is fixed in version 2.10.21.
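A triage check for the flaw described above, added here as an example and not taken from DataEase or the advisory: it heuristically lists the class names declared in a Java-serialized job-data blob and flags any outside an allow-list. It assumes the Quartz job data is persisted as Java-serialized bytes that you can export for inspection; the allow-list, the sample blobs and the class name `com.example.legacy.Gadget` are constructed placeholders.

```python
import re
import struct

STREAM_MAGIC = b"\xac\xed\x00\x05"  # Java serialization header (magic + version)
TC_CLASSDESC = 0x72                 # marks a class descriptor in the stream
CLASS_NAME = re.compile(rb"\[*[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*;?")

# Hypothetical allow-list: adjust to the types your jobs legitimately store.
ALLOWED_PREFIXES = ("java.lang.", "java.util.", "org.quartz.")


def class_names(blob: bytes) -> list[str]:
    """Heuristically list class names declared in a Java-serialized blob."""
    if not blob.startswith(STREAM_MAGIC):
        return []
    names, i = [], len(STREAM_MAGIC)
    while i + 3 <= len(blob):
        if blob[i] == TC_CLASSDESC:
            (n,) = struct.unpack_from(">H", blob, i + 1)
            name = blob[i + 3:i + 3 + n]
            if len(name) == n and CLASS_NAME.fullmatch(name):
                names.append(name.decode("ascii"))
                i += 3 + n + 9  # skip name, 8-byte serialVersionUID, flags
                continue
        i += 1
    return names


def unexpected_classes(blob: bytes) -> list[str]:
    """Return declared classes that fall outside the allow-list."""
    flagged = []
    for name in class_names(blob):
        base = name.lstrip("[")
        if base.endswith(";"):
            base = base[1:-1]  # "[Ljava.lang.String;" -> "java.lang.String"
        # Single-letter names left after stripping "[" are primitive arrays.
        if len(base) > 1 and not base.startswith(ALLOWED_PREFIXES):
            flagged.append(name)
    return flagged


def _desc(name: bytes) -> bytes:
    """Constructed test fragment: TC_OBJECT + class descriptor, no fields."""
    return (b"\x73\x72" + struct.pack(">H", len(name)) + name
            + b"\x00" * 8 + b"\x02\x00\x00\x78\x70")


# Constructed samples; com.example.legacy.Gadget is a placeholder name.
BENIGN = STREAM_MAGIC + _desc(b"org.quartz.JobDataMap") + _desc(b"java.util.HashMap")
SUSPECT = STREAM_MAGIC + _desc(b"org.quartz.JobDataMap") + _desc(b"com.example.legacy.Gadget")
```

A flagged class is a prompt to review who last modified that job, not proof of compromise; upgrading to 2.10.21 remains the fix the advisory names.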

Affected Version(s)

dataease < 2.10.21

CVSS V4

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved