{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-33207", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-17T23:23:58.312Z", "datePublished": "2026-04-16T19:37:36.197Z", "dateUpdated": "2026-04-16T19:37:36.197Z"}, "containers": {"cna": {"title": "DataEase SQL Injection Vulnerability", "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "lang": "en", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/dataease/dataease/security/advisories/GHSA-pgh3-rgw3-xjmm", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/dataease/dataease/security/advisories/GHSA-pgh3-rgw3-xjmm"}, {"name": "https://github.com/dataease/dataease/releases/tag/v2.10.21", "tags": ["x_refsource_MISC"], "url": "https://github.com/dataease/dataease/releases/tag/v2.10.21"}], "affected": [{"vendor": "dataease", "product": "dataease", "versions": [{"version": "< 2.10.21", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-16T19:37:36.197Z"}, "descriptions": [{"lang": "en", "value": "DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /datasource/getTableField endpoint. The getTableFiledSql method in CalciteProvider.java incorporates the tableName parameter directly into SQL query strings using String.format without parameterization or sanitization. Although DatasourceServer.java validates that the table name exists in the datasource, an attacker can bypass this by first registering an API datasource with a malicious deTableName, which is then returned by getTables and passes the validation check. An authenticated attacker can execute arbitrary SQL commands, enabling error-based extraction of sensitive database information. This issue has been fixed in version 2.10.21."}], "source": {"advisory": "GHSA-pgh3-rgw3-xjmm", "discovery": "UNKNOWN"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /datasource/getTableField endpoint. The getTableFiledSql method in CalciteProvider.java incorporates the tableName parameter directly into SQL query strings using String.format without parameterization or sanitization. Although DatasourceServer.java validates that the table name exists in the datasource, an attacker can bypass this by first registering an API datasource with a malicious deTableName, which is then returned by getTables and passes the validation check. An authenticated attacker can execute arbitrary SQL commands, enabling error-based extraction of sensitive database information. This issue has been fixed in version 2.10.21."}], "id": "CVE-2026-33207", "lastModified": "2026-04-16T20:16:38.797", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-16T20:16:38.797", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/dataease/dataease/releases/tag/v2.10.21"}, {"source": "security-advisories@github.com", "url": "https://github.com/dataease/dataease/security/advisories/GHSA-pgh3-rgw3-xjmm"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.10.21)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "dataease", "source": "cna", "vendor": "dataease"}, "product": "dataease", "vendor": "dataease"}], "analysis": {"en": {"generated_at": "2026-04-16T20:50:32.781010+00:00", "value": {"mitigation_remediation": ["Apply upgrade to DataEase version 2.10.21 or later to address the SQL injection vulnerability.", "Restrict API datasource creation and access to authorized users only to prevent malicious datasource registration.", "Monitor system logs for unexpected getTableField requests and investigate any unauthorized data extraction attempts."], "summary": {"action": "Apply Patch", "impact": "SQL injection enabling execution of arbitrary queries and extraction of sensitive data"}, "threat_synthesis": {"affected_systems": "DataEase data visualization and analytics platform, versions 2.10.20 and earlier. The product is identified as DataEase by the CNA. No other vendor or product versions are affected.", "description_and_impact": "The vulnerability lies in the /datasource/getTableField endpoint where the tableName parameter is directly incorporated into a SQL statement without parameterization or sanitization. An attacker can craft a malicious datasource name that passes the validation check, leading to execution of arbitrary SQL commands and extraction of confidential information from the database. This represents a significant confidentiality threat. The weakness is an unchecked input used in query construction, corresponding to CWE\u201189.", "risk_and_exploitability": "The CVSS score of 8.6 denotes a high severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires the attacker to be authenticated to the application, but the attacker can bypass the normal table name validation by first registering a malicious API datasource. Once the datasource is registered, a valid authenticated session can invoke the getTableField endpoint and run arbitrary SQL. The attack vector is therefore an authorized user\u2019s request that has been tampered with to include malicious content."}}}}, "created": "2026-04-16T20:30:25.425774+00:00", "updated": "2026-04-16T21:00:10.982017+00:00", "vendors": ["dataease", "dataease$PRODUCT$dataease"]}