๐Ÿ” CVE Alert

CVE-2026-55633

UNKNOWN 0.0

DataEase H2 RCE via Zip Protocol & File Dropper Fix bypass

CVSS Score
0.0
EPSS Score
0.5%
EPSS Percentile
39th

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, a bypass of the H2 zip protocol and file dropper fix allows an authenticated attacker to upload a zip archive disguised with a .ttf extension through FontManage.saveFile and then exploit it through the zip protocol to achieve remote code execution. This issue is fixed in version 2.10.24.

CWE CWE-434
Vendor dataease
Product dataease
Published Jul 7, 2026
Last Updated Jul 8, 2026
Stay Ahead of the Next One

Get instant alerts for dataease dataease

Be the first to know when new unknown vulnerabilities affecting dataease dataease are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

dataease / dataease
< 2.10.24

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/dataease/dataease/security/advisories/GHSA-8x36-774q-pwqg github.com: https://github.com/dataease/dataease/commit/265b31179f1427c059f739841f2e39aaa6d1b937 github.com: https://github.com/dataease/dataease/commit/8892a6945b0b7a329a156155270fae58afa895bc github.com: https://github.com/dataease/dataease/releases/tag/v2.10.24