Skip to main content

DataEase CVE-2026-50124

| EUVDEUVD-2026-44780 HIGH
Unrestricted Upload of File with Dangerous Type (CWE-434)
2026-07-15 GitHub_M
7.1
CVSS 4.0 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
7.1 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.8 HIGH

Network-reachable API, low complexity, requires a low-privilege authenticated account (PR:L), no user interaction, and yields arbitrary code execution giving full C/I/A impact.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Patch available
Jul 15, 2026 - 21:18 EUVD
Source Code Evidence Fetched
Jul 15, 2026 - 20:04 vuln.today
Analysis Generated
Jul 15, 2026 - 20:04 vuln.today
CVE Published
Jul 15, 2026 - 19:38 cve.org
HIGH 7.1

DescriptionCVE.org

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase can be exploited by uploading payload.zip through the Excel upload API /datasource/upload, creating an H2 datasource that uses the zip: protocol, and executing an SQL dataset path where CalciteProvider.jdbcFetchResultField calls statement.executeQuery(), causing precompiled Java aliases in test.mv.db to execute arbitrary code. This issue is fixed in version 2.10.23.

AnalysisAI

Remote authenticated code execution in DataEase before 2.10.23 lets a low-privileged user abuse the Excel/datasource upload workflow to run arbitrary Java. By uploading a crafted payload.zip via /datasource/upload and defining an H2 datasource that references the archive through the zip: protocol, an attacker forces CalciteProvider.jdbcFetchResultField to execute a query that triggers precompiled Java aliases embedded in test.mv.db. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate as low-privilege user
Delivery
Upload malicious payload.zip via /datasource/upload
Exploit
Create H2 datasource using zip: protocol
Execution
Execute SQL dataset triggering executeQuery()
Impact
Precompiled Java aliases run arbitrary code on server

Vulnerability AssessmentAI

Exploitation Requires an authenticated DataEase account with permission to reach /datasource/upload and to create datasources (CVSS PR:L - a low-privilege user, not an anonymous visitor). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment This is a genuine priority rather than a paper high-CVSS issue: the attack yields arbitrary Java code execution over the network at low complexity, limited only by the need for an authenticated low-privilege account (CVSS 4.0 AV:N/AC:L/AT:N/PR:L/UI:N). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A user with a low-privilege DataEase account uploads a crafted payload.zip through the Excel/datasource upload API, then defines an H2 datasource whose JDBC URL points into that archive via the zip: protocol so H2 loads a malicious test.mv.db containing precompiled Java aliases. When the attacker runs an SQL dataset against that datasource, CalciteProvider.jdbcFetchResultField calls statement.executeQuery(), triggering the aliases and executing arbitrary code on the server. …
Remediation Vendor-released patch: upgrade to DataEase 2.10.23 or later, which introduces JdbcUrlSecurityPolicy and driver-class validation (commits 304104d70e27a97f8909981f56209edc117dc285 and a7bffa795cb0ca041dce0effe68479cf3bf13db1) to constrain which drivers and JDBC URLs a datasource may use; follow the advisory at https://github.com/dataease/dataease/security/advisories/GHSA-cjmg-jqmc-xj5v. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: identify all DataEase deployments and current versions, then restrict datasource upload and creation permissions to trusted administrators only-disable the feature entirely if business operations allow. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More in Java

View all
CVE-2012-4681 CRITICAL POC
9.8 Aug 28

Oracle Java SE 7 Update 6 and earlier contains multiple sandbox bypass vulnerabilities via the ClassFinder and forName m

CVE-2015-7450 CRITICAL POC
9.8 Jan 02

Remote code execution in IBM Sterling B2B Integrator, Sterling Integrator, and Tivoli Common Reporting allows unauthenti

CVE-2013-2465 CRITICAL POC
9.8 Jun 18

Java Runtime Environment sandbox bypass via incorrect image channel verification in 2D component allows remote unauthent

CVE-2011-3544 CRITICAL POC
9.8 Oct 19

Oracle Java SE JDK/JRE 7 and 6 Update 27 and earlier allows remote code execution with complete system compromise throug

CVE-2010-1871 HIGH POC
8.8 Aug 05

JBoss Seam 2 in Red Hat JBoss EAP 4.3.0 fails to sanitize JBoss Expression Language inputs, allowing remote attackers to

CVE-2012-1723 CRITICAL POC
9.8 Jun 16

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 up

CVE-2013-0422 CRITICAL POC
9.8 Jan 10

Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using

CVE-2012-0507 CRITICAL POC
9.8 Jun 07

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Up

CVE-2015-4852 CRITICAL POC
9.8 Nov 18

The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers

CVE-2012-5076 CRITICAL POC
9.8 Oct 16

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allow

CVE-2017-3066 CRITICAL POC
9.8 Apr 27

Remote unauthenticated attackers can execute arbitrary code on Adobe ColdFusion servers through Java deserialization fla

CVE-2012-0391 CRITICAL POC
9.8 Jan 08

The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during

Share

CVE-2026-50124 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy