PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-55633 dataease CVE debrief

CVE-2026-55633 is a remote code execution vulnerability in DataEase, an open-source data visualization and analysis tool. The vulnerability allows an authenticated attacker to upload a zip archive disguised with a .ttf extension and then exploit it through the zip protocol to achieve remote code execution. This issue was fixed in version 2.10.24. The vulnerability exists due to a bypass of the H2 zip protocol and file dropper fix. Users of DataEase versions prior to 2.10.24 should apply the patch to prevent remote code execution attacks. The CVE record was published on 2026-07-07T21:17:27.750Z and has not been modified since then.

Vendor
dataease
Product
Unknown
CVSS
HIGH 8.7
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-07
Original CVE updated
2026-07-07
Advisory published
2026-07-07
Advisory updated
2026-07-07

Who should care

Users of DataEase versions prior to 2.10.24 should apply the patch to prevent remote code execution attacks. This includes operators, administrators, and security teams responsible for managing and securing DataEase deployments. They should review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.

Technical summary

The vulnerability exists in DataEase due to a bypass of the H2 zip protocol and file dropper fix. An authenticated attacker can upload a malicious zip archive with a .ttf extension via FontManage.saveFile. The attacker can then exploit the zip protocol to execute remote code. The issue was addressed in version 2.10.24. The vulnerability allows an authenticated attacker to upload a zip archive disguised with a .ttf extension and then exploit it through the zip protocol to achieve remote code execution.

Defensive priority

High

Recommended defensive actions

  • Apply the patch by upgrading to DataEase version 2.10.24 or later
  • Restrict access to the FontManage.saveFile functionality to trusted users only
  • Monitor for suspicious zip file uploads and exploitation attempts
  • Implement additional security controls, such as web application firewalls and intrusion detection systems
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE record was published on 2026-07-07T21:17:27.750Z and has not been modified since then. The NVD entry is currently 8.7 HIGH. Limited evidence is available, and further investigation is recommended. Evidence is limited to CVE and NVD details. Defenders should verify product versions, review patch applicability, and assess potential impact based on available information. They should also review relevant monitoring, detection, and logs for exposed assets that need extra review.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-07T21:17:27.750Z and has not been modified since then.