๐Ÿ” CVE Alert

CVE-2026-53729

UNKNOWN 0.0

DataEase ExportCenter IDOR allows cross-user export task access

CVSS Score
0.0
EPSS Score
0.4%
EPSS Percentile
31th

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, any authenticated user can download (/exportCenter/download/{id}), delete (/exportCenter/delete), retry (/exportCenter/retry/{id}), or generate download links (/exportCenter/generateDownloadUri/{id}) for export tasks belonging to other users by manipulating the task ID parameter, and the /exportCenter/download/{id} endpoint is whitelisted from authentication, allowing unauthenticated access to exported files. This issue is fixed in version 2.10.24.

CWE CWE-639
Vendor dataease
Product dataease
Published Jul 7, 2026
Last Updated Jul 8, 2026
Stay Ahead of the Next One

Get instant alerts for dataease dataease

Be the first to know when new unknown vulnerabilities affecting dataease dataease are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

dataease / dataease
< 2.10.24

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/dataease/dataease/security/advisories/GHSA-9423-78gr-xjj5 github.com: https://github.com/dataease/dataease/commit/57e90bdcc21c3fa2ec57184671603ad88a5b941b github.com: https://github.com/dataease/dataease/releases/tag/v2.10.24