Vulnerability Details CVE-2026-32137
Dataease is an open source data visualization analysis tool. Prior to 2.10.20, The table parameter for /de2api/datasource/previewData is directly concatenated into the SQL statement without any filtering or parameterization. Since tableName is a user-controllable string, attackers can inject malicious SQL statements by constructing malicious table names. This vulnerability is fixed in 2.10.20.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 14.3%
CVSS Severity
CVSS v3 Score 8.8
Products affected by CVE-2026-32137
-
cpe:2.3:a:dataease:dataease:-
-
cpe:2.3:a:dataease:dataease:1.0.0
-
cpe:2.3:a:dataease:dataease:1.0.1
-
cpe:2.3:a:dataease:dataease:1.0.2
-
cpe:2.3:a:dataease:dataease:1.1.0
-
cpe:2.3:a:dataease:dataease:1.1.1
-
cpe:2.3:a:dataease:dataease:1.10.0
-
cpe:2.3:a:dataease:dataease:1.11.0
-
cpe:2.3:a:dataease:dataease:1.11.1
-
cpe:2.3:a:dataease:dataease:1.11.2
-
cpe:2.3:a:dataease:dataease:1.11.3
-
cpe:2.3:a:dataease:dataease:1.12.0
-
cpe:2.3:a:dataease:dataease:1.13.0
-
cpe:2.3:a:dataease:dataease:1.13.1
-
cpe:2.3:a:dataease:dataease:1.14.0
-
cpe:2.3:a:dataease:dataease:1.15.0
-
cpe:2.3:a:dataease:dataease:1.15.1
-
cpe:2.3:a:dataease:dataease:1.15.2
-
cpe:2.3:a:dataease:dataease:1.15.3
-
cpe:2.3:a:dataease:dataease:1.15.4
-
cpe:2.3:a:dataease:dataease:1.16.0
-
cpe:2.3:a:dataease:dataease:1.16.1
-
cpe:2.3:a:dataease:dataease:1.17.0
-
cpe:2.3:a:dataease:dataease:1.17.1
-
cpe:2.3:a:dataease:dataease:1.18.0
-
cpe:2.3:a:dataease:dataease:1.18.1
-
cpe:2.3:a:dataease:dataease:1.18.10
-
cpe:2.3:a:dataease:dataease:1.18.11
-
cpe:2.3:a:dataease:dataease:1.18.12
-
cpe:2.3:a:dataease:dataease:1.18.13
-
cpe:2.3:a:dataease:dataease:1.18.14
-
cpe:2.3:a:dataease:dataease:1.18.15
-
cpe:2.3:a:dataease:dataease:1.18.16
-
cpe:2.3:a:dataease:dataease:1.18.17
-
cpe:2.3:a:dataease:dataease:1.18.18
-
cpe:2.3:a:dataease:dataease:1.18.19
-
cpe:2.3:a:dataease:dataease:1.18.2
-
cpe:2.3:a:dataease:dataease:1.18.20
-
cpe:2.3:a:dataease:dataease:1.18.21
-
cpe:2.3:a:dataease:dataease:1.18.22
-
cpe:2.3:a:dataease:dataease:1.18.23
-
cpe:2.3:a:dataease:dataease:1.18.24
-
cpe:2.3:a:dataease:dataease:1.18.25
-
cpe:2.3:a:dataease:dataease:1.18.26
-
cpe:2.3:a:dataease:dataease:1.18.27
-
cpe:2.3:a:dataease:dataease:1.18.3
-
cpe:2.3:a:dataease:dataease:1.18.4
-
cpe:2.3:a:dataease:dataease:1.18.5
-
cpe:2.3:a:dataease:dataease:1.18.6
-
cpe:2.3:a:dataease:dataease:1.18.7
-
cpe:2.3:a:dataease:dataease:1.18.8
-
cpe:2.3:a:dataease:dataease:1.18.9
-
cpe:2.3:a:dataease:dataease:1.2.0
-
cpe:2.3:a:dataease:dataease:1.2.1
-
cpe:2.3:a:dataease:dataease:1.2.2
-
cpe:2.3:a:dataease:dataease:1.2.3
-
cpe:2.3:a:dataease:dataease:1.3.0
-
cpe:2.3:a:dataease:dataease:1.4.0
-
cpe:2.3:a:dataease:dataease:1.4.1
-
cpe:2.3:a:dataease:dataease:1.5.0
-
cpe:2.3:a:dataease:dataease:1.5.1
-
cpe:2.3:a:dataease:dataease:1.5.2
-
cpe:2.3:a:dataease:dataease:1.6.0
-
cpe:2.3:a:dataease:dataease:1.6.1
-
cpe:2.3:a:dataease:dataease:1.6.2
-
cpe:2.3:a:dataease:dataease:1.7.0
-
cpe:2.3:a:dataease:dataease:1.8.0
-
cpe:2.3:a:dataease:dataease:1.9.0
-
cpe:2.3:a:dataease:dataease:1.9.1
-
cpe:2.3:a:dataease:dataease:2.0.0
-
cpe:2.3:a:dataease:dataease:2.1.0
-
cpe:2.3:a:dataease:dataease:2.10.0
-
cpe:2.3:a:dataease:dataease:2.10.1
-
cpe:2.3:a:dataease:dataease:2.10.10
-
cpe:2.3:a:dataease:dataease:2.10.11
-
cpe:2.3:a:dataease:dataease:2.10.12
-
cpe:2.3:a:dataease:dataease:2.10.13
-
cpe:2.3:a:dataease:dataease:2.10.14
-
cpe:2.3:a:dataease:dataease:2.10.15
-
cpe:2.3:a:dataease:dataease:2.10.16
-
cpe:2.3:a:dataease:dataease:2.10.17
-
cpe:2.3:a:dataease:dataease:2.10.18
-
cpe:2.3:a:dataease:dataease:2.10.19
-
cpe:2.3:a:dataease:dataease:2.10.2
-
cpe:2.3:a:dataease:dataease:2.10.3
-
cpe:2.3:a:dataease:dataease:2.10.4
-
cpe:2.3:a:dataease:dataease:2.10.6
-
cpe:2.3:a:dataease:dataease:2.10.8
-
cpe:2.3:a:dataease:dataease:2.10.9
-
cpe:2.3:a:dataease:dataease:2.2.0
-
cpe:2.3:a:dataease:dataease:2.3.0
-
cpe:2.3:a:dataease:dataease:2.4.0
-
cpe:2.3:a:dataease:dataease:2.4.1
-
cpe:2.3:a:dataease:dataease:2.5.0
-
cpe:2.3:a:dataease:dataease:2.6.0
-
cpe:2.3:a:dataease:dataease:2.6.1
-
cpe:2.3:a:dataease:dataease:2.7.0
-
cpe:2.3:a:dataease:dataease:2.7.1
-
cpe:2.3:a:dataease:dataease:2.8.0
-
cpe:2.3:a:dataease:dataease:2.8.1
-
cpe:2.3:a:dataease:dataease:2.9.0