CVE-2026-45534 in DataEaseinfo

Summary

by MITRE • 07/15/2026

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase Redshift datasource connections can load attacker-controlled rsjdbc.ini configuration from System.getProperty("java.io.tmpdir"), setting socketFactory=org.springframework.context.support.FileSystemXmlApplicationContext so com.amazon.redshift.Driver#connect, com.amazon.redshift.Driver#getJdbcIniFile, and com.amazon.redshift.util.ObjectFactory#instantiate execute a reflection-based remote code execution chain during a normal JDBC connection through io.dataease.datasource.type.Redshift. This issue is fixed in version 2.10.23.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 07/15/2026

The vulnerability in DataEase affects versions prior to 2.10.23 and specifically targets the Redshift datasource connection functionality within the open source data visualization and analysis platform. This flaw represents a critical remote code execution vulnerability that leverages insecure deserialization patterns combined with reflective instantiation mechanisms to allow attackers to execute arbitrary code on affected systems. The vulnerability stems from improper input validation and unsafe handling of configuration files during the JDBC connection establishment process, creating an attack surface where malicious actors can inject crafted configuration data that gets processed through reflection-based instantiation chains.

The technical exploitation occurs when DataEase attempts to establish a connection to a Redshift datasource, specifically through the io.dataease.datasource.type.Redshift class. During this process, the system loads a configuration file named rsjdbc.ini from the temporary directory specified by System.getProperty("java.io.tmpdir"). This configuration file contains attacker-controlled content that sets the socketFactory property to org.springframework.context.support.FileSystemXmlApplicationContext, which then triggers a chain of reflective method invocations. The execution flow involves com.amazon.redshift.Driver#connect, com.amazon.redshift.Driver#getJdbcIniFile, and com.amazon.redshift.util.ObjectFactory#instantiate methods working together through reflection to execute arbitrary code on the target system.

This vulnerability impacts the core data connectivity functionality of DataEase and provides attackers with complete remote code execution capabilities on systems running vulnerable versions. The attack requires no authentication for the database connection itself but relies on the ability to write malicious configuration files to the temporary directory, which is often accessible to unprivileged users or applications. The reflected nature of this vulnerability means that any application using the affected DataEase version can be exploited, potentially compromising entire data analysis platforms and exposing sensitive data processing environments. The implications extend beyond simple code execution as attackers can leverage this to establish persistent access, escalate privileges, or use the compromised system as a pivot point for further attacks within networked environments.

The vulnerability aligns with CWE-502 which describes unsafe deserialization and CWE-78 which covers OS command injection through reflection-based mechanisms. From an ATT&CK perspective, this represents a technique for privilege escalation and persistence through code execution, potentially mapping to T1059.007 for command and script injection and T1566 for social engineering through malicious configuration files. Organizations should immediately upgrade to DataEase version 2.10.23 or later to remediate this vulnerability, as the fix addresses the insecure loading of external configuration files and implements proper input validation for JDBC connection parameters. Additional mitigations include restricting write permissions to temporary directories, monitoring for suspicious rsjdbc.ini file creation, and implementing network segmentation to limit access to DataEase installations.

The exploitation chain demonstrates a sophisticated attack pattern that combines multiple security weaknesses including unsafe temporary file handling, reflection-based code execution, and insecure configuration management. This vulnerability highlights the importance of validating and sanitizing all external input sources, particularly when dealing with database connection parameters and configuration files that may be processed through reflective mechanisms. The fact that this vulnerability exists within an open source tool underscores the need for community-wide security awareness and rapid response to security advisories in the open source ecosystem. Organizations should conduct comprehensive security assessments of their DataEase deployments and ensure all related components are updated to prevent exploitation of this critical remote code execution vulnerability.

Responsible

GitHub M

Reservation

05/12/2026

Disclosure

07/15/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!