Path Traversal Vulnerability in DataEase Affecting Previous Versions
CVE-2026-45533
8.3HIGH
What is CVE-2026-45533?
DataEase, an open source tool for data visualization and analysis, exhibits a path traversal vulnerability in its export-center deletion feature. Prior to version 2.10.23, the bulk delete API endpoint allowed for the inclusion of path traversal sequences such as '../'. This flaw could result in the passing of attacker-controlled identifiers to the ExportCenterManage.delete function, enabling recursive deletion of arbitrary server directories during export task cleanup. Users are strongly urged to upgrade to version 2.10.23 or later to mitigate these risks.
Affected Version(s)
dataease < 2.10.23
