DataEase Open Source Visualization Tool Vulnerability
CVE-2026-50530
7.1HIGH
What is CVE-2026-50530?
DataEase is an open source data visualization and analysis tool that, prior to version 2.10.24, contains a security flaw in its share mode chart data interface. The vulnerability arises because the system only checks if the sceneId matches the resourceId in the link token, neglecting to validate whether the tableId and field IDs in the request body correspond to the shared resource. This oversight can be exploited by an attacker with a valid share link token, enabling them to manipulate dataset identifiers and access unauthorized data through the POST /de2api/chartData/getData endpoint. The issue has been resolved in the latest release, version 2.10.24.
Affected Version(s)
dataease < 2.10.24
