SQL Injection in Dataease

CVE-2026-45320

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase dashboard SQL variables such as ${deptId} are processed by SqlparserUtils.transFilter(), whose final branch returns raw user input for non-in and n…

Vulnerability class: SQL Injection

Affected products

Weakness classification (CWE)

References