Path Traversal in Dataease
CVE-2026-32140
Dataease is an open source data visualization analysis tool. Prior to 2.10.20, by controlling the IniFile parameter, an attacker can force the JDBC driver to load an attacker-controlled configuration file. This configuration file can injec…
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.006 (70.7th percentile)
Affected products
- Dataease — versions < 2.10.20
Weakness classification (CWE)
References
- https://github.com/dataease/dataease/security/advisories/GHSA-jc9q-3jfw-mch4 (x_refsource_CONFIRM)