CVE-2026-55635 in DataEaseinfo

Summary

by MITRE • 07/08/2026

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, chart quota and Y-axis filters embed attacker-controlled filter values directly into generated SQL in Quota2SQLObj.getYWheres() without applying the SQL literal validation and escaping used by other filter paths, allowing an authenticated user who can create or modify chart definitions or submit chart data requests containing quota filters to inject SQL into queries executed against configured datasources. This issue is fixed in version 2.10.24.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 07/08/2026

This vulnerability affects DataEase versions prior to 2.10.24 and represents a critical sql injection flaw that stems from improper input validation within the chart quota and y-axis filter processing logic. The vulnerability specifically exists in the Quota2SQLObj.getYWheres() method where attacker-controlled filter values are directly embedded into generated sql queries without proper sanitization or escaping mechanisms that are employed in other filter processing paths within the application.

The technical implementation of this flaw allows authenticated users with privileges to create or modify chart definitions to inject malicious sql code through quota filters. When users submit chart data requests containing quota filters, the system processes these inputs through the vulnerable YWheres method which fails to apply the same sql literal validation and escaping that other filter paths utilize. This inconsistency creates a vector where attackers can manipulate the sql query execution against configured data sources by injecting malicious sql fragments directly into the quota and y-axis filter parameters.

The operational impact of this vulnerability extends beyond simple data exfiltration as it enables authenticated attackers to potentially execute arbitrary sql commands against the underlying database systems. Attackers could leverage this vulnerability to access sensitive data, modify database contents, escalate privileges within the application, or even gain deeper access to the underlying infrastructure depending on the database permissions granted to the DataEase application user. The vulnerability affects all chart definitions that utilize quota filters and y-axis filtering capabilities, making it particularly dangerous in environments where multiple users can create and modify dashboards.

This vulnerability maps directly to CWE-89 which defines sql injection as the insertion of malicious sql code into an application's sql execution point, and aligns with ATT&CK technique T1071.004 for application layer protocol manipulation. The weakness demonstrates poor input validation practices and inconsistent security controls within the application's query generation system. Organizations should immediately upgrade to DataEase version 2.10.24 or later where the vulnerability has been addressed through proper sql literal escaping and validation mechanisms that ensure all user-controlled inputs are properly sanitized before being incorporated into generated sql queries. The fix implements consistent input validation across all filter processing paths, eliminating the discrepancy that previously allowed malicious sql injection payloads to bypass security controls.

Responsible

GitHub M

Reservation

06/17/2026

Disclosure

07/08/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!