SQL Injection Vulnerability in DataEase Open Source Tool
CVE-2026-45417
8.7HIGH
What is CVE-2026-45417?
DataEase, an open source data visualization and analysis tool, presents an SQL injection vulnerability whereby the connection status checks improperly handle SQL queries. Specifically, before version 2.10.23, the function concatenates configuration.getSchema() into getTablesSql, leading to unsafe execution of the SQL queries via the executeQuery method. This flaw can be exploited against various database systems, including DB2, SQL Server, and PostgreSQL, if not mitigated.
Affected Version(s)
dataease < 2.10.23
