Remote Code Execution Vulnerability in DataEase by DataEase
CVE-2026-55633
8.7HIGH
What is CVE-2026-55633?
DataEase, an open-source data visualization and analysis tool, faced a security issue that allows authenticated attackers to bypass the H2 zip protocol protection. Prior to version 2.10.24, attackers could upload a zip archive disguised with a .ttf extension through the FontManage.saveFile feature. This exploit enables the execution of arbitrary code remotely through vulnerabilities in the zip protocol. Users are advised to upgrade to version 2.10.24 to maintain security and protect their systems.
Affected Version(s)
dataease < 2.10.24
