Vulnerability in DataEase Open Source Tool Allows Forged Token Acceptance
CVE-2026-46684
9.5CRITICAL
What is CVE-2026-46684?
DataEase, an open source data visualization and analysis tool, has a significant security flaw in its token handling mechanism before version 2.10.23. The flaw occurs in the processing of authentication tokens, where improper checks allow X-DE-TOKEN values to bypass signature verification. This vulnerability permits attackers to generate forged tokens with arbitrary user IDs and organization IDs, thus potentially gaining unauthorized access when the license validation is enabled. It is crucial for users of DataEase to upgrade to version 2.10.23 or later to mitigate this risk.
Affected Version(s)
dataease < 2.10.23
