CVE-2026-33082

Name of the Vulnerable Software and Affected Versions DataEase versions prior to 2.10.21

Description The dataset export functionality allows for SQL injection. The expressionTree parameter in the endpoint '/de2api/datasetTree/exportDataset' is deserialized into a filtering object and passed to the WhereTree2Str.transFilterTrees() function for SQL translation. User-controlled values in "like" filter terms are directly concatenated into SQL fragments without sanitization. This allows an attacker to inject arbitrary SQL commands by escaping the string literal in the filter value, enabling blind SQL injection, such as time-based extraction of database information.

Recommendations Update to version 2.10.21.