SQL Injection in Dataease

CVE-2026-45535

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase SQL-type datasets store attacker-controlled SQL variable defaultValue entries such as ${var} and SqlparserUtils.handleVariableDefaultValue() insert…

Vulnerability class: SQL Injection

Affected products

Weakness classification (CWE)

References