SQL Injection in Dataease

CVE-2026-55635

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, chart quota and Y-axis filters embed attacker-controlled filter values directly into generated SQL in Quota2SQLObj.getYWheres() without applying the SQL lit…

Vulnerability class: SQL Injection

Affected products

Weakness classification (CWE)

References