Authorization Vulnerability in DataEase Data Visualization Tool
CVE-2026-53729
8.7HIGH
What is CVE-2026-53729?
DataEase, an open source data visualization and analysis tool, has an authorization bypass vulnerability that allows any authenticated user to access and manipulate export tasks belonging to other users. By exploiting the task ID parameter, users can download, delete, retry, or generate download links for these tasks without proper authorization. Specifically, the endpoint for downloading exported files is not secured and allows unauthenticated access, posing a significant risk of data leakage. This security issue has been addressed in version 2.10.24 of the software.
Affected Version(s)
dataease < 2.10.24
