DataEase Open Source Tool Vulnerability in Template Management
CVE-2026-45419

8.5HIGH

Key Information:

Vendor

Dataease

Status
Vendor
CVE Published:
15 July 2026

What is CVE-2026-45419?

DataEase, an open source data visualization and analysis tool, contains a vulnerability in its template management system prior to version 2.10.23. The tool's handling of static resource names and Base64 content allows attackers to exploit the /de2api/templateManage/save endpoint. This improper extraction method that relies solely on the '/' character for file names results in potential path traversal attacks and arbitrary file writes, posing significant security risks to the application and its users. This issue has been addressed and resolved in version 2.10.23.

Affected Version(s)

dataease < 2.10.23

References

CVSS V4

Score:
8.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.