CVE-2026-45419
DataEase · DataEase
DataEase contains a path traversal vulnerability that allows authenticated users to access or manipulate restricted files on the underlying system.
Executive summary
DataEase versions prior to 2.10.23 are susceptible to path traversal attacks, which could allow an authenticated attacker to compromise system file integrity.
Vulnerability
The application fails to properly limit pathnames to restricted directories, resulting in a path traversal vulnerability. This issue requires the attacker to hold authenticated privileges to reach the vulnerable file-handling functions.
Business impact
An attacker successfully exploiting this vulnerability could gain unauthorized access to sensitive configuration files or system data. With a CVSS score of 8.5, the risk of significant data exposure or system compromise is high, potentially impacting the confidentiality and integrity of the data visualization platform.
Remediation
Immediate Action: Upgrade DataEase to version 2.10.23 or newer to remediate the path traversal flaw.
Proactive Monitoring: Monitor system logs for file access requests containing directory traversal sequences, such as double dots or encoded separators.
Compensating Controls: Deploy a Web Application Firewall (WAF) with rules configured to detect and block path traversal patterns in incoming HTTP requests.
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
Path traversal vulnerabilities are critical security failures that can lead to full system compromise. Organizations must update their DataEase installations to the patched version immediately to ensure the security of their data environment.