Description
Dataease is an open source data visualization analysis tool. Prior to 2.10.20, By controlling the IniFile parameter, an attacker can force the JDBC driver to load an attacker-controlled configuration file. This configuration file can inject dangerous JDBC properties, leading to remote code execution. The Redshift JDBC driver execution flow reaches a method named getJdbcIniFile. The getJdbcIniFile method implements an aggressive automatic configuration file discovery mechanism. If not explicitly restricted, it searches for a file named rsjdbc.ini. In a JDBC URL context, users can explicitly specify the configuration file via URL parameters, which allows arbitrary files on the server to be loaded as JDBC configuration files. Within the Redshift JDBC driver properties, the parameter IniFile is explicitly supported and used to load an external configuration file. This vulnerability is fixed in 2.10.20.
Published: 2026-03-12
Score: 9.3 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Patch
AI Analysis

Impact

Dataease, an open source data visualization tool, has a critical flaw that allows an attacker to manipulate the IniFile parameter in a JDBC connection. This manipulation forces the Redshift JDBC driver to load an attacker‑controlled configuration file, which can inject dangerous JDBC properties. The result is remote code execution on the host running Dataease. The weakness is identified as CWE‑22 (Path Traversal). The vulnerability permits an attacker to execute arbitrary code with the privileges of the Dataease process, potentially compromising the entire system and data exposed by the tool.

Affected Systems

All installations of Dataease with the Redshift JDBC driver that are running a version prior to 2.10.20 are affected. The cpe string for the product is cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:* and the specific version range is any version older than 2.10.20. The issue was fixed in release 2.10.20.

Risk and Exploitability

The CVSS v3.1 score for this issue is 9.3, indicating Critical risk. The EPSS score is less than 1%, suggesting a low current probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Exploitation requires the attacker to supply a JDBC connection string that specifies an arbitrary configuration file; the attack surface is therefore likely limited to environments where users can control or influence JDBC URLs or data source configurations. Successful exploitation would allow arbitrary code execution with the application’s runtime privileges.

Generated by OpenCVE AI on March 18, 2026 at 14:55 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑supplied patch by upgrading Dataease to version 2.10.20 or later.

Generated by OpenCVE AI on March 18, 2026 at 14:55 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 13 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Fri, 13 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Dataease
Dataease dataease
Vendors & Products Dataease
Dataease dataease

Thu, 12 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
Description Dataease is an open source data visualization analysis tool. Prior to 2.10.20, By controlling the IniFile parameter, an attacker can force the JDBC driver to load an attacker-controlled configuration file. This configuration file can inject dangerous JDBC properties, leading to remote code execution. The Redshift JDBC driver execution flow reaches a method named getJdbcIniFile. The getJdbcIniFile method implements an aggressive automatic configuration file discovery mechanism. If not explicitly restricted, it searches for a file named rsjdbc.ini. In a JDBC URL context, users can explicitly specify the configuration file via URL parameters, which allows arbitrary files on the server to be loaded as JDBC configuration files. Within the Redshift JDBC driver properties, the parameter IniFile is explicitly supported and used to load an external configuration file. This vulnerability is fixed in 2.10.20.
Title Dataease: Redshift JDBC RCE Bypass
Weaknesses CWE-22
References
Metrics cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Dataease Dataease
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-13T16:21:15.825Z

Reserved: 2026-03-10T22:19:36.546Z

Link: CVE-2026-32140

cve-icon Vulnrichment

Updated: 2026-03-13T16:20:54.598Z

cve-icon NVD

Status : Modified

Published: 2026-03-12T18:16:25.573

Modified: 2026-03-13T19:54:40.230

Link: CVE-2026-32140

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-20T15:48:39Z

Weaknesses