Vulnerability in Man-group Dtale

CVE-2026-27194

D-Tale is a visualizer for pandas data structures. Versions prior to 3.20.0 are vulnerable to Remote Code Execution through the /save-column-filter endpoint. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing…

EPSS: 0.001 (34.9th percentile) — read the EPSS interpretation.

Affected products

Man-group Dtale — versions < 3.20.0

Weakness classification (CWE)

CWE-74 — Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)

References

https://github.com/man-group/dtale/security/advisories/GHSA-c87c-78rc-vmv2 (x_refsource_CONFIRM)
https://github.com/man-group/dtale/commit/431c6148d3c799de20e1dec86c4432f48e3d0746 (x_refsource_MISC)