DataEase: SQL Injection in v2 Dataset Export_CVE-2026-33082

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

DataEase is an open source data visualization analysis tool. Versions 2.10.20 and below contain a SQL injection vulnerability in the dataset export functionality. The expressionTree parameter in POST /de2api/datasetTree/exportDataset is deserialized into a filtering object and passed to WhereTree2Str.transFilterTrees for SQL translation, where user-controlled values in "like" filter terms are directly concatenated into SQL fragments without sanitization. An attacker can inject arbitrary SQL commands by escaping the string literal in the filter value, enabling blind SQL injection through techniques such as time-based extraction of database information. This issue has been fixed in version 2.10.21.

AI Analysis

SQL injection vulnerability in dataset export functionality

Basic Information

ID CVE-2026-33082

Source GitHub_M

Published Apr 16, 2026 at 17:39

Modified Apr 16, 2026 at 18:41

Affected Product

Vendor dataease

Product dataease

Version < 2.10.21

Affected Versions dataease dataease < 2.10.21

CWE Classification

CWE-89

AI Assessment

AI Score 8.7 / 10

AI Severity High

Vendor DataEase

Product DataEase

Version 2.10.20 and below

References

{
    "lastseen": "",
    "description": "DataEase is an open source data visualization analysis tool. Versions 2.10.20 and below contain a SQL injection vulnerability in the dataset export functionality. The expressionTree parameter in POST /de2api/datasetTree/exportDataset is deserialized into a filtering object and passed to WhereTree2Str.transFilterTrees for SQL translation, where user-controlled values in \"like\" filter terms are directly concatenated into SQL fragments without sanitization. An attacker can inject arbitrary SQL commands by escaping the string literal in the filter value, enabling blind SQL injection through techniques such as time-based extraction of database information. This issue has been fixed in version 2.10.21.",
    "published": "2026-04-16T17:39:37.894Z",
    "modified": "2026-04-16T18:41:46.111Z",
    "type": "cve",
    "title": "DataEase: SQL Injection in v2 Dataset Export",
    "source": "GitHub_M",
    "references": "https://github.com/dataease/dataease/security/advisories/GHSA-xxpw-2c8q-g693\nhttps://github.com/dataease/dataease/releases/tag/v2.10.21",
    "id": "CVE-2026-33082",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "dataease dataease < 2.10.21",
    "sourceHref": "",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "dataease",
    "version": "< 2.10.21",
    "vendor": "dataease",
    "ai_description": "SQL injection vulnerability in dataset export functionality",
    "ai_severity": "High",
    "ai_vendor": "DataEase",
    "ai_product": "DataEase",
    "ai_version": "2.10.20 and below",
    "ai_score": 8.7
}