๐Ÿ” CVE Alert

CVE-2026-45419

UNKNOWN 0.0

DataEase: Arbitrary File Write Vulnerability

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase template saves call TemplateManageService#save, StaticResourceServer#saveFilesToServe, and the /de2api/templateManage/save endpoint with attacker-controlled staticResource names and Base64 content, allowing path traversal and arbitrary file writes because only / was used when extracting the file name. This issue is fixed in version 2.10.23.

CWE CWE-22
Vendor dataease
Product dataease
Published Jul 15, 2026
Stay Ahead of the Next One

Get instant alerts for dataease dataease

Be the first to know when new unknown vulnerabilities affecting dataease dataease are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

dataease / dataease
< 2.10.23

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/dataease/dataease/security/advisories/GHSA-83fh-fgh3-g9f9 github.com: https://github.com/dataease/dataease/commit/d34f413ef047bd275909d67310d200cbc8ae31ba github.com: https://github.com/dataease/dataease/releases/tag/v2.10.23