SQL Injection Vulnerability in DataEase Open Source Visualization Tool
CVE-2026-45535
8.7HIGH
What is CVE-2026-45535?
DataEase, an open source tool for data visualization and analysis, has a vulnerability in its handling of SQL-type datasets. Prior to version 2.10.23, the application allows attacker-controlled entries for SQL variable default values. These are inserted unsanitized using String.replace(), leading to stored SQL injection when a user with dataset read permission accesses the dataset. This exploit potentially compromises the integrity of the database and allows unauthorized data manipulation.
Affected Version(s)
dataease < 2.10.23
