๐Ÿ” CVE Alert

CVE-2026-57172

UNKNOWN 0.0

DataEase: Hardcoded JWT Signing Secret in ShareLink

CVSS Score
0.0
EPSS Score
0.3%
EPSS Percentile
21th

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, ShareSecretManage uses a hardcoded default share link signature key, allowing an attacker who can obtain a passwordless share for a resource and user to use the known key link-pwd-fit2cloud to forge linkToken JWTs, bypass TokenFilter verification, and access backend resources as the share creator even if the original share has been revoked. This issue is fixed in version 2.10.24.

CWE CWE-321 CWE-798
Vendor dataease
Product dataease
Published Jul 7, 2026
Last Updated Jul 8, 2026
Stay Ahead of the Next One

Get instant alerts for dataease dataease

Be the first to know when new unknown vulnerabilities affecting dataease dataease are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

dataease / dataease
< 2.10.24

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/dataease/dataease/security/advisories/GHSA-7cpg-f4cj-7pgm github.com: https://github.com/dataease/dataease/commit/356e83b518603f5612104760ced80aae8fc5d675