Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2026-40899— DataEase has an Arbitrary File Read Vulnerability

EPSS 0.04% · P11
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-40899

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
DataEase has an Arbitrary File Read Vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a JDBC parameter blocklist bypass vulnerability in the MySQL datasource configuration. The Mysql class uses Lombok's @Data annotation, which auto-generates a public setter for the illegalParameters field that contains the JDBC security blocklist. When a datasource configuration is submitted as JSON, Jackson deserialization calls setIllegalParameters with an attacker-supplied empty list, replacing the blocklist before getJdbc() validation runs. This allows an authenticated attacker to include dangerous JDBC parameters such as allowLoadLocalInfile=true, and by pointing the datasource at a rogue MySQL server, exploit the LOAD DATA LOCAL INFILE protocol feature to read arbitrary files from the DataEase server filesystem, including sensitive environment variables and database credentials. This issue has been fixed in version 2.10.21.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
宽松定义的白名单
Source: NVD (National Vulnerability Database)
Vulnerability Title
DataEase 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
DataEase是DataEase开源的一个开源的数据可视化分析工具。用于帮助用户快速分析数据并洞察业务趋势,从而实现业务的改进与优化。 DataEase 2.10.20及之前版本存在安全漏洞,该漏洞源于MySQL数据源配置中的JDBC参数黑名单可被绕过,允许经过身份验证的攻击者包含危险的JDBC参数,并通过指向恶意MySQL服务器利用LOAD DATA LOCAL INFILE协议功能读取DataEase服务器文件系统中的任意文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
dataeasedataease < 2.10.21 -

II. Public POCs for CVE-2026-40899

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-40899

登录查看更多情报信息。

Same Patch Batch · dataease · 2026-04-16 · 9 CVEs total

CVE-2026-40900DataEase has SQL Injection via Stacked Queries
CVE-2026-40901DataEase: Quartz Deserialization → Remote Code Execution
CVE-2026-33083DataEase has SQL Injection in Order By Clause
CVE-2026-33122DataEase has SQL Injection via Datasource Management
CVE-2026-33082DataEase: SQL Injection in v2 Dataset Export
CVE-2026-33207DataEase SQL Injection Vulnerability
CVE-2026-33121DataEase has SQL Injection via Datasource Save Flow
CVE-2026-33084DataEase has SQL Injection through its getFieldEnumObj Endpoint

IV. Related Vulnerabilities

Same product: dataease
Same vendor: dataease
Same weakness: CWE-183

V. Comments for CVE-2026-40899

No comments yet

Leave a comment