Vulnerability in Dataease

CVE-2026-32939

DataEase is an open source data visualization analysis tool. Versions 2.10.19 and below have inconsistent Locale handling between the JDBC URL validation logic and the H2 JDBC engine's internal parsing. DataEase uses String.toUpperCase() w…

EPSS: 0.001 (24.0th percentile) — read the EPSS interpretation.

Affected products

Dataease — versions < 2.10.20

Weakness classification (CWE)

CWE-178 — Improper Handling of Case Sensitivity

References

https://github.com/dataease/dataease/security/advisories/GHSA-pj7p-3m49-52qq (x_refsource_CONFIRM)
https://github.com/dataease/dataease/commit/8f1c21834a620d37dafb3fa24605c059d0a5b80d (x_refsource_MISC)
https://github.com/dataease/dataease/releases/tag/v2.10.20 (x_refsource_MISC)