CVE-2026-33122 | DataEase up to 2.10.20 API Datasource Update Process update deTableName sql injection

Inserito da Angelo Barbosa | Apr 16, 2026 | CVE

A vulnerability labeled as critical has been found in DataEase up to 2.10.20. Affected by this vulnerability is an unknown functionality of the file /de2api/datasource/update of the component API Datasource Update Process. Such manipulation of the argument deTableName leads to sql injection.

This vulnerability is uniquely identified as CVE-2026-33122. The attack can be launched remotely. No exploit exists.

The affected component should be upgraded.

CVE-2026-33122 | DataEase up to 2.10.20 API Datasource Update Process update deTableName sql injection

Post correlati

CVE-2025-2895 | IBM Cloud Pak System up to 2.3.4.1 iFix1 cross site scripting

CVE-2024-7038 | open-webui up to 0.3.8 Admin Setting information disclosure

CVE-2025-52136 | EMQX up to 5.8.5 Novel Plugin unusual condition

CVE-2025-41012 | TCMAN GIM 20250304 /WS/PDAWebService.asmx UnlockUser pda:userId/pda:newPassword authorization