Authorization Vulnerability in DataEase Data Visualization Tool
CVE-2026-53729

8.7HIGH

Key Information:

Vendor

Dataease

Status
Vendor
CVE Published:
7 July 2026

What is CVE-2026-53729?

DataEase, an open source data visualization and analysis tool, has an authorization bypass vulnerability that allows any authenticated user to access and manipulate export tasks belonging to other users. By exploiting the task ID parameter, users can download, delete, retry, or generate download links for these tasks without proper authorization. Specifically, the endpoint for downloading exported files is not secured and allows unauthenticated access, posing a significant risk of data leakage. This security issue has been addressed in version 2.10.24 of the software.

Affected Version(s)

dataease < 2.10.24

References

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.