CVE-2026-45320

Summary

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase dashboard SQL variables such as ${deptId} are processed by SqlparserUtils.transFilter(), whose final branch returns raw user input for non-in and non-between operators before SubstitutedSql.replace("${var}", value) splices it into dashboard SQL, allowing authenticated users who can view a dashboard to inject SQL against integrated datasources. This issue is fixed in version 2.10.23

Affected Software

VendorProductVersion RangeStatus
dataeasedataease< 2.10.23affected

Weaknesses

  • CWE-89: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

References