Skip to main content

DataEase EUVDEUVD-2026-44775

| CVE-2026-45534 CRITICAL
Code Injection (CWE-94)
2026-07-15 GitHub_M
9.0
CVSS 4.0 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
9.0 CRITICAL
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.5 HIGH

Authenticated operator can trigger it (PR:L), but staging rsjdbc.ini in tmpdir raises complexity (AC:H); RCE escapes the app component into the host, so S:C with full C/I/A impact.

3.1 AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
4.0 AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

4
Patch available
Jul 15, 2026 - 21:18 EUVD
Source Code Evidence Fetched
Jul 15, 2026 - 20:01 vuln.today
Analysis Generated
Jul 15, 2026 - 20:01 vuln.today
CVE Published
Jul 15, 2026 - 19:19 cve.org
CRITICAL 9.0

DescriptionCVE.org

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase Redshift datasource connections can load attacker-controlled rsjdbc.ini configuration from System.getProperty("java.io.tmpdir"), setting socketFactory=org.springframework.context.support.FileSystemXmlApplicationContext so com.amazon.redshift.Driver#connect, com.amazon.redshift.Driver#getJdbcIniFile, and com.amazon.redshift.util.ObjectFactory#instantiate execute a reflection-based remote code execution chain during a normal JDBC connection through io.dataease.datasource.type.Redshift. This issue is fixed in version 2.10.23.

AnalysisAI

Reflection-based remote code execution in DataEase before 2.10.23 lets an authenticated operator who can configure a Redshift datasource achieve arbitrary code execution on the server. The Redshift JDBC driver loads an attacker-controlled rsjdbc.ini from the system temp directory and honors a malicious socketFactory pointing at Spring's FileSystemXmlApplicationContext, turning a normal JDBC connection into a code-execution chain. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate as low-privileged DataEase user
Delivery
Stage malicious rsjdbc.ini in java.io.tmpdir
Exploit
Configure Redshift datasource with poisoned config
Execution
Driver reads rsjdbc.ini, sets Spring socketFactory
Persist
ObjectFactory reflectively loads XML bean context
Impact
Execute arbitrary code on server

Vulnerability AssessmentAI

Exploitation Exploitation requires: (1) a low-privileged authenticated DataEase account (PR:L) capable of creating/configuring a Redshift datasource through io.dataease.datasource.type.Redshift; (2) an attacker-controlled rsjdbc.ini placed in the path returned by System.getProperty("java.io.tmpdir") on the DataEase server; and (3) that rsjdbc.ini setting socketFactory=org.springframework.context.support.FileSystemXmlApplicationContext to trigger com.amazon.redshift.util.ObjectFactory#instantiate during connect. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The supplied CVSS 4.0 vector (AV:N/AC:H/AT:P/PR:L/UI:N, all impacts High, subsequent-system impacts High) scores 9.0 Critical, but the qualitative signals matter more than the number: AC:H and AT:P mean the attack is not trivial or automatable - the attacker must both possess a low-privilege DataEase account able to create a Redshift datasource (PR:L) and stage a malicious rsjdbc.ini in the server's java.io.tmpdir. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A low-privileged DataEase user who can add data sources plants a crafted rsjdbc.ini in the server's temp directory that sets socketFactory to Spring's FileSystemXmlApplicationContext referencing a malicious bean XML, then configures and tests a Redshift datasource. When DataEase opens the JDBC connection, the Redshift driver instantiates the Spring context via reflection and executes the attacker's code on the server. …
Remediation Vendor-released patch: 2.10.23 - upgrade DataEase to 2.10.23 or later, which per the fix commit (3e58149f1e014b1a7ae2c12134b37ae438f676ac) hardens startup by setting AMAZON_REDSHIFT_JDBC_INI_FILE, user.home, and java.io.tmpdir to "null" so the Redshift driver no longer loads an attacker-controlled rsjdbc.ini. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, identify all DataEase deployments in your environment and determine their current versions to assess exposure. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2025-49003 CRITICAL POC
9.8 Jun 26

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, a threat actor m

CVE-2025-49002 CRITICAL POC
9.8 Jun 03

Auth bypass in DataEase via CVE-2025-49001 patch evasion. PoC available.

CVE-2025-49001 CRITICAL POC
9.8 Jun 03

Auth bypass in DataEase BI tool before 2.10.10.

CVE-2025-53005 CRITICAL POC
9.8 Jul 01

A remote code execution vulnerability in DataEase (CVSS 9.8). Risk factors: public PoC available.

CVE-2025-53004 CRITICAL POC
9.8 Jun 30

A remote code execution vulnerability in DataEase (CVSS 9.8). Risk factors: public PoC available.

CVE-2025-53006 CRITICAL POC
9.8 Jul 02

A remote code execution vulnerability in DataEase (CVSS 9.8). Risk factors: public PoC available.

CVE-2026-23958 CRITICAL POC
9.8 Jan 22

DataEase data visualization tool prior to 2.10.19 uses MD5-hashed passwords without salting, allowing attackers to crack

CVE-2024-46997 CRITICAL POC
9.8 Sep 23

DataEase is an open source data visualization analysis tool. Rated critical severity (CVSS 9.8), this vulnerability is r

CVE-2023-37258 CRITICAL POC
9.8 Jul 25

DataEase is an open source data visualization analysis tool. Rated critical severity (CVSS 9.8), this vulnerability is r

CVE-2023-33963 CRITICAL POC
9.8 Jun 01

DataEase is an open source data visualization and analysis tool. Rated critical severity (CVSS 9.8), this vulnerability

CVE-2023-28437 CRITICAL POC
9.8 Mar 25

Dataease is an open source data visualization and analysis tool. Rated critical severity (CVSS 9.8), this vulnerability

CVE-2022-39312 CRITICAL POC
9.8 Oct 25

Dataease is an open source data visualization analysis tool. Rated critical severity (CVSS 9.8), this vulnerability is r

Share

EUVD-2026-44775 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy