CVE-2026-45419

DataEase · DataEase

DataEase contains a path traversal vulnerability that allows authenticated users to access or manipulate restricted files on the underlying system.

Executive summary

DataEase versions prior to 2.10.23 are susceptible to path traversal attacks, which could allow an authenticated attacker to compromise system file integrity.

Vulnerability

The application fails to properly limit pathnames to restricted directories, resulting in a path traversal vulnerability. This issue requires the attacker to hold authenticated privileges to reach the vulnerable file-handling functions.

Business impact

An attacker successfully exploiting this vulnerability could gain unauthorized access to sensitive configuration files or system data. With a CVSS score of 8.5, the risk of significant data exposure or system compromise is high, potentially impacting the confidentiality and integrity of the data visualization platform.

Remediation

Immediate Action: Upgrade DataEase to version 2.10.23 or newer to remediate the path traversal flaw.

Proactive Monitoring: Monitor system logs for file access requests containing directory traversal sequences, such as double dots or encoded separators.

Compensating Controls: Deploy a Web Application Firewall (WAF) with rules configured to detect and block path traversal patterns in incoming HTTP requests.

Exploitation status

Public Exploit Available: Unknown

Analyst recommendation

Path traversal vulnerabilities are critical security failures that can lead to full system compromise. Organizations must update their DataEase installations to the patched version immediately to ensure the security of their data environment.