DataEase Open Source Tool Vulnerability in Template Management
CVE-2026-45419
8.5HIGH
What is CVE-2026-45419?
DataEase, an open source data visualization and analysis tool, contains a vulnerability in its template management system prior to version 2.10.23. The tool's handling of static resource names and Base64 content allows attackers to exploit the /de2api/templateManage/save endpoint. This improper extraction method that relies solely on the '/' character for file names results in potential path traversal attacks and arbitrary file writes, posing significant security risks to the application and its users. This issue has been addressed and resolved in version 2.10.23.
Affected Version(s)
dataease < 2.10.23
