Arbitrary file upload in Dataease

CVE-2026-50124

DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase can be exploited by uploading payload.zip through the Excel upload API /datasource/upload, creating an H2 datasource that uses the zip: protocol, a…

Vulnerability class: Unrestricted File Upload

Affected products

Weakness classification (CWE)

References