SQL Injection in Dataease
CVE-2026-33207
DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /datasource/getTableField endpoint. The getTableFiledSql method in CalciteProvider.java incorpora…
Vulnerability class: SQL Injection
EPSS: 0.000 (12.0th percentile) — read the EPSS interpretation.
Affected products
- Dataease — versions < 2.10.21
Weakness classification (CWE)
References
- https://github.com/dataease/dataease/security/advisories/GHSA-pgh3-rgw3-xjmm (x_refsource_CONFIRM)
- https://github.com/dataease/dataease/releases/tag/v2.10.21 (x_refsource_MISC)