CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-23958

Dataease is an open source data visualization analysis tool. Prior to version 2.10.19, DataEase uses the MD5 hash of the user’s password as the JWT signing secret. This deterministic secret derivation allows an attacker to brute-force the admin’s password by exploiting unmonitored API endpoints that verify JWT tokens. The vulnerability has been fixed in v2.10.19. No known workarounds are available.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 16.6%

CVSS Severity

CVSS v3 Score 9.8

References

Products affected by CVE-2026-23958

Dataease » Dataease » Version: N/A

cpe:2.3:a:dataease:dataease:-
Dataease » Dataease » Version: 1.0.0

cpe:2.3:a:dataease:dataease:1.0.0
Dataease » Dataease » Version: 1.0.1

cpe:2.3:a:dataease:dataease:1.0.1
Dataease » Dataease » Version: 1.0.2

cpe:2.3:a:dataease:dataease:1.0.2
Dataease » Dataease » Version: 1.1.0

cpe:2.3:a:dataease:dataease:1.1.0
Dataease » Dataease » Version: 1.1.1

cpe:2.3:a:dataease:dataease:1.1.1
Dataease » Dataease » Version: 1.10.0

cpe:2.3:a:dataease:dataease:1.10.0
Dataease » Dataease » Version: 1.11.0

cpe:2.3:a:dataease:dataease:1.11.0
Dataease » Dataease » Version: 1.11.1

cpe:2.3:a:dataease:dataease:1.11.1
Dataease » Dataease » Version: 1.11.2

cpe:2.3:a:dataease:dataease:1.11.2
Dataease » Dataease » Version: 1.11.3

cpe:2.3:a:dataease:dataease:1.11.3
Dataease » Dataease » Version: 1.12.0

cpe:2.3:a:dataease:dataease:1.12.0
Dataease » Dataease » Version: 1.13.0

cpe:2.3:a:dataease:dataease:1.13.0
Dataease » Dataease » Version: 1.13.1

cpe:2.3:a:dataease:dataease:1.13.1
Dataease » Dataease » Version: 1.14.0

cpe:2.3:a:dataease:dataease:1.14.0
Dataease » Dataease » Version: 1.15.0

cpe:2.3:a:dataease:dataease:1.15.0
Dataease » Dataease » Version: 1.15.1

cpe:2.3:a:dataease:dataease:1.15.1
Dataease » Dataease » Version: 1.15.2

cpe:2.3:a:dataease:dataease:1.15.2
Dataease » Dataease » Version: 1.15.3

cpe:2.3:a:dataease:dataease:1.15.3
Dataease » Dataease » Version: 1.15.4

cpe:2.3:a:dataease:dataease:1.15.4
Dataease » Dataease » Version: 1.16.0

cpe:2.3:a:dataease:dataease:1.16.0
Dataease » Dataease » Version: 1.16.1

cpe:2.3:a:dataease:dataease:1.16.1
Dataease » Dataease » Version: 1.17.0

cpe:2.3:a:dataease:dataease:1.17.0
Dataease » Dataease » Version: 1.17.1

cpe:2.3:a:dataease:dataease:1.17.1
Dataease » Dataease » Version: 1.18.0

cpe:2.3:a:dataease:dataease:1.18.0
Dataease » Dataease » Version: 1.18.1

cpe:2.3:a:dataease:dataease:1.18.1
Dataease » Dataease » Version: 1.18.10

cpe:2.3:a:dataease:dataease:1.18.10
Dataease » Dataease » Version: 1.18.11

cpe:2.3:a:dataease:dataease:1.18.11
Dataease » Dataease » Version: 1.18.12

cpe:2.3:a:dataease:dataease:1.18.12
Dataease » Dataease » Version: 1.18.13

cpe:2.3:a:dataease:dataease:1.18.13
Dataease » Dataease » Version: 1.18.14

cpe:2.3:a:dataease:dataease:1.18.14
Dataease » Dataease » Version: 1.18.15

cpe:2.3:a:dataease:dataease:1.18.15
Dataease » Dataease » Version: 1.18.16

cpe:2.3:a:dataease:dataease:1.18.16
Dataease » Dataease » Version: 1.18.17

cpe:2.3:a:dataease:dataease:1.18.17
Dataease » Dataease » Version: 1.18.18

cpe:2.3:a:dataease:dataease:1.18.18
Dataease » Dataease » Version: 1.18.19

cpe:2.3:a:dataease:dataease:1.18.19
Dataease » Dataease » Version: 1.18.2

cpe:2.3:a:dataease:dataease:1.18.2
Dataease » Dataease » Version: 1.18.20

cpe:2.3:a:dataease:dataease:1.18.20
Dataease » Dataease » Version: 1.18.21

cpe:2.3:a:dataease:dataease:1.18.21
Dataease » Dataease » Version: 1.18.22

cpe:2.3:a:dataease:dataease:1.18.22
Dataease » Dataease » Version: 1.18.23

cpe:2.3:a:dataease:dataease:1.18.23
Dataease » Dataease » Version: 1.18.24

cpe:2.3:a:dataease:dataease:1.18.24
Dataease » Dataease » Version: 1.18.25

cpe:2.3:a:dataease:dataease:1.18.25
Dataease » Dataease » Version: 1.18.26

cpe:2.3:a:dataease:dataease:1.18.26
Dataease » Dataease » Version: 1.18.27

cpe:2.3:a:dataease:dataease:1.18.27
Dataease » Dataease » Version: 1.18.3

cpe:2.3:a:dataease:dataease:1.18.3
Dataease » Dataease » Version: 1.18.4

cpe:2.3:a:dataease:dataease:1.18.4
Dataease » Dataease » Version: 1.18.5

cpe:2.3:a:dataease:dataease:1.18.5
Dataease » Dataease » Version: 1.18.6

cpe:2.3:a:dataease:dataease:1.18.6
Dataease » Dataease » Version: 1.18.7

cpe:2.3:a:dataease:dataease:1.18.7
Dataease » Dataease » Version: 1.18.8

cpe:2.3:a:dataease:dataease:1.18.8
Dataease » Dataease » Version: 1.18.9

cpe:2.3:a:dataease:dataease:1.18.9
Dataease » Dataease » Version: 1.2.0

cpe:2.3:a:dataease:dataease:1.2.0
Dataease » Dataease » Version: 1.2.1

cpe:2.3:a:dataease:dataease:1.2.1
Dataease » Dataease » Version: 1.2.2

cpe:2.3:a:dataease:dataease:1.2.2
Dataease » Dataease » Version: 1.2.3

cpe:2.3:a:dataease:dataease:1.2.3
Dataease » Dataease » Version: 1.3.0

cpe:2.3:a:dataease:dataease:1.3.0
Dataease » Dataease » Version: 1.4.0

cpe:2.3:a:dataease:dataease:1.4.0
Dataease » Dataease » Version: 1.4.1

cpe:2.3:a:dataease:dataease:1.4.1
Dataease » Dataease » Version: 1.5.0

cpe:2.3:a:dataease:dataease:1.5.0
Dataease » Dataease » Version: 1.5.1

cpe:2.3:a:dataease:dataease:1.5.1
Dataease » Dataease » Version: 1.5.2

cpe:2.3:a:dataease:dataease:1.5.2
Dataease » Dataease » Version: 1.6.0

cpe:2.3:a:dataease:dataease:1.6.0
Dataease » Dataease » Version: 1.6.1

cpe:2.3:a:dataease:dataease:1.6.1
Dataease » Dataease » Version: 1.6.2

cpe:2.3:a:dataease:dataease:1.6.2
Dataease » Dataease » Version: 1.7.0

cpe:2.3:a:dataease:dataease:1.7.0
Dataease » Dataease » Version: 1.8.0

cpe:2.3:a:dataease:dataease:1.8.0
Dataease » Dataease » Version: 1.9.0

cpe:2.3:a:dataease:dataease:1.9.0
Dataease » Dataease » Version: 1.9.1

cpe:2.3:a:dataease:dataease:1.9.1
Dataease » Dataease » Version: 2.0.0

cpe:2.3:a:dataease:dataease:2.0.0
Dataease » Dataease » Version: 2.1.0

cpe:2.3:a:dataease:dataease:2.1.0
Dataease » Dataease » Version: 2.10.0

cpe:2.3:a:dataease:dataease:2.10.0
Dataease » Dataease » Version: 2.10.1

cpe:2.3:a:dataease:dataease:2.10.1
Dataease » Dataease » Version: 2.10.10

cpe:2.3:a:dataease:dataease:2.10.10
Dataease » Dataease » Version: 2.10.11

cpe:2.3:a:dataease:dataease:2.10.11
Dataease » Dataease » Version: 2.10.12

cpe:2.3:a:dataease:dataease:2.10.12
Dataease » Dataease » Version: 2.10.13

cpe:2.3:a:dataease:dataease:2.10.13
Dataease » Dataease » Version: 2.10.14

cpe:2.3:a:dataease:dataease:2.10.14
Dataease » Dataease » Version: 2.10.15

cpe:2.3:a:dataease:dataease:2.10.15
Dataease » Dataease » Version: 2.10.16

cpe:2.3:a:dataease:dataease:2.10.16
Dataease » Dataease » Version: 2.10.17

cpe:2.3:a:dataease:dataease:2.10.17
Dataease » Dataease » Version: 2.10.18

cpe:2.3:a:dataease:dataease:2.10.18
Dataease » Dataease » Version: 2.10.2

cpe:2.3:a:dataease:dataease:2.10.2
Dataease » Dataease » Version: 2.10.3

cpe:2.3:a:dataease:dataease:2.10.3
Dataease » Dataease » Version: 2.10.4

cpe:2.3:a:dataease:dataease:2.10.4
Dataease » Dataease » Version: 2.10.6

cpe:2.3:a:dataease:dataease:2.10.6
Dataease » Dataease » Version: 2.10.8

cpe:2.3:a:dataease:dataease:2.10.8
Dataease » Dataease » Version: 2.10.9

cpe:2.3:a:dataease:dataease:2.10.9
Dataease » Dataease » Version: 2.2.0

cpe:2.3:a:dataease:dataease:2.2.0
Dataease » Dataease » Version: 2.3.0

cpe:2.3:a:dataease:dataease:2.3.0
Dataease » Dataease » Version: 2.4.0

cpe:2.3:a:dataease:dataease:2.4.0
Dataease » Dataease » Version: 2.4.1

cpe:2.3:a:dataease:dataease:2.4.1
Dataease » Dataease » Version: 2.5.0

cpe:2.3:a:dataease:dataease:2.5.0
Dataease » Dataease » Version: 2.6.0

cpe:2.3:a:dataease:dataease:2.6.0
Dataease » Dataease » Version: 2.6.1

cpe:2.3:a:dataease:dataease:2.6.1
Dataease » Dataease » Version: 2.7.0

cpe:2.3:a:dataease:dataease:2.7.0
Dataease » Dataease » Version: 2.7.1

cpe:2.3:a:dataease:dataease:2.7.1
Dataease » Dataease » Version: 2.8.0

cpe:2.3:a:dataease:dataease:2.8.0
Dataease » Dataease » Version: 2.8.1

cpe:2.3:a:dataease:dataease:2.8.1
Dataease » Dataease » Version: 2.9.0

cpe:2.3:a:dataease:dataease:2.9.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-23958

Products

Pricing

Contact Us