Skip to main content

DataEase CVE-2026-45417

| EUVDEUVD-2026-44776 HIGH
SQL Injection (CWE-89)
2026-07-15 GitHub_M
8.7
CVSS 4.0 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
8.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.3 HIGH

Network-reachable API with low complexity and no UI, but requires an authenticated user able to edit datasource config (PR:L); high confidentiality/integrity on the backend DB, low availability.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Patch available
Jul 15, 2026 - 21:18 EUVD
Source Code Evidence Fetched
Jul 15, 2026 - 20:02 vuln.today
Analysis Generated
Jul 15, 2026 - 20:02 vuln.today
CVE Published
Jul 15, 2026 - 19:20 cve.org
HIGH 8.7

DescriptionCVE.org

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase datasource connection status checks concatenate configuration.getSchema() into getTablesSql and execute the resulting SQL with executeQuery in io.dataease.datasource.provider.CalciteProvider#checkStatus, allowing SQL injection against DB2, SQL Server, PostgreSQL, and other affected datasources. This issue is fixed in version 2.10.23.

AnalysisAI

SQL injection in DataEase before 2.10.23 lets an authenticated low-privilege user compromise the backend datasource by abusing the datasource connection-status check, where io.dataease.datasource.provider.CalciteProvider#checkStatus concatenates the user-controlled configuration.getSchema() value into getTablesSql and runs it via executeQuery. Because the schema/owner string is embedded directly into metadata queries for DB2, SQL Server, PostgreSQL, Oracle and other datasources, an attacker who can create or edit a datasource can inject arbitrary SQL and read or alter data on the connected database. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate as low-privileged DataEase user
Delivery
Create or edit datasource with malicious schema value
Exploit
Trigger connection status/table check
Execution
Schema concatenated into metadata SQL
Persist
executeQuery runs injected SQL on target DB
Impact
Read or alter backend database data

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated DataEase account (CVSS PR:L) that can create or edit a datasource configuration and control the 'schema' field, then invoke the datasource connection status check (CalciteProvider#checkStatus) or table enumeration, which executes the schema value as SQL. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor-supplied CVSS 4.0 vector (8.7, AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:L) indicates a network-reachable, low-complexity attack that requires some authentication (PR:L) and no user interaction, with high confidentiality and integrity impact and low availability impact - consistent with reading/modifying data on the connected database rather than crashing it. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A low-privileged but authenticated DataEase user with rights to add or edit a datasource sets a malicious 'schema' value containing SQL syntax, then triggers the connection status check or table listing. DataEase concatenates that schema into the metadata query and executes it against the connected DB2/SQL Server/PostgreSQL/Oracle database, letting the attacker exfiltrate or modify data via injected SQL. …
Remediation Vendor-released patch: upgrade to DataEase 2.10.23 or later, which is the fixed release per the advisory (https://github.com/dataease/dataease/releases/tag/v2.10.23) and commit f1c7204da1787ef812ee23cd3d51a1824126c1fb that replaces concatenated schema values with parameterized PreparedStatements. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: audit and document all DataEase users with datasource creation or editing permissions; identify which users have accessed this functionality. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2025-1094 HIGH POC
8.1 Feb 13

PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() improperl

CVE-2024-55964 CRITICAL POC
9.8 Mar 26

An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl

CVE-2013-1899 MEDIUM POC
6.5 Apr 04

Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows re

CVE-2026-20253 CRITICAL POC
9.8 Jun 10

Unauthenticated arbitrary file write in Splunk Enterprise (below 10.2.4 and 10.0.7) and Splunk Cloud Platform (below 10.

CVE-2017-7546 CRITICAL
9.8 Aug 16

PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to incorrect authentication flaw allow

CVE-2015-1352 MEDIUM POC
5.0 Mar 30

The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate t

CVE-2024-10553 CRITICAL POC
9.8 Mar 20

A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows unauthenticated remote attackers to execute arbitra

CVE-2019-9193 HIGH POC
7.2 Apr 01

In PostgreSQL 9.3 through 11.2, the "COPY TO/FROM PROGRAM" function allows superusers and users in the 'pg_execute_serve

CVE-2026-40887 CRITICAL POC
9.1 Apr 14

## Summary An unauthenticated SQL injection vulnerability exists in the Vendure Shop API. A user-controlled query strin

CVE-2022-24760 CRITICAL POC
10.0 Mar 12

Parse Server is an open source http web server backend. Rated critical severity (CVSS 10.0), this vulnerability is remot

CVE-2025-56157 CRITICAL POC
9.8 Dec 18

Hard-coded default PostgreSQL credentials shipped in the docker-compose.yaml of langgenius Dify through version 1.5.1 al

CVE-2024-12909 CRITICAL POC
9.8 Mar 20

A vulnerability in the FinanceChatLlamaPack of the run-llama/llama_index repository, versions up to v0.12.3, allows for

Share

CVE-2026-45417 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy