Auth bypass in Dataease

CVE-2026-50530

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, a share mode chart data interface only validates that sceneId matches the resourceId in the link token and fails to validate whether tableId and field IDs i…

Vulnerability class: IDOR (Insecure Direct Object Reference)

Affected products

Weakness classification (CWE)

References