๐Ÿ” CVE Alert

CVE-2026-53751

UNKNOWN 0.0

DataEase: H2 JDBC URL Filter Bypass Leads to Remote Code Execution (RCE)

CVSS Score
0.0
EPSS Score
0.4%
EPSS Percentile
30th

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the H2 database JDBC URL validation logic can be bypassed with special Unicode characters whose case-conversion behavior differs between DataEase validation and H2 parsing, allowing attackers to smuggle dangerous parameters such as init in malicious H2 JDBC connection strings and achieve arbitrary code execution. This issue is fixed in version 2.10.24.

CWE CWE-94
Vendor dataease
Product dataease
Published Jul 7, 2026
Last Updated Jul 8, 2026
Stay Ahead of the Next One

Get instant alerts for dataease dataease

Be the first to know when new unknown vulnerabilities affecting dataease dataease are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

dataease / dataease
< 2.10.24

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/dataease/dataease/security/advisories/GHSA-xjhm-r8p8-c2cg github.com: https://github.com/dataease/dataease/commit/2204258118eac6160a6636ca20dbedb0d3f95747 github.com: https://github.com/dataease/dataease/releases/tag/v2.10.24