PatchSiren cyber security CVE debrief
CVE-2026-55633 dataease CVE debrief
CVE-2026-55633 is a remote code execution vulnerability in DataEase, an open-source data visualization and analysis tool. The vulnerability allows an authenticated attacker to upload a zip archive disguised with a .ttf extension and then exploit it through the zip protocol to achieve remote code execution. This issue was fixed in version 2.10.24. The vulnerability exists due to a bypass of the H2 zip protocol and file dropper fix. Users of DataEase versions prior to 2.10.24 should apply the patch to prevent remote code execution attacks. The CVE record was published on 2026-07-07T21:17:27.750Z and has not been modified since then.
- Vendor
- dataease
- Product
- Unknown
- CVSS
- HIGH 8.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-07
- Original CVE updated
- 2026-07-07
- Advisory published
- 2026-07-07
- Advisory updated
- 2026-07-07
Who should care
Users of DataEase versions prior to 2.10.24 should apply the patch to prevent remote code execution attacks. This includes operators, administrators, and security teams responsible for managing and securing DataEase deployments. They should review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
Technical summary
The vulnerability exists in DataEase due to a bypass of the H2 zip protocol and file dropper fix. An authenticated attacker can upload a malicious zip archive with a .ttf extension via FontManage.saveFile. The attacker can then exploit the zip protocol to execute remote code. The issue was addressed in version 2.10.24. The vulnerability allows an authenticated attacker to upload a zip archive disguised with a .ttf extension and then exploit it through the zip protocol to achieve remote code execution.
Defensive priority
High
Recommended defensive actions
- Apply the patch by upgrading to DataEase version 2.10.24 or later
- Restrict access to the FontManage.saveFile functionality to trusted users only
- Monitor for suspicious zip file uploads and exploitation attempts
- Implement additional security controls, such as web application firewalls and intrusion detection systems
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-07-07T21:17:27.750Z and has not been modified since then. The NVD entry is currently 8.7 HIGH. Limited evidence is available, and further investigation is recommended. Evidence is limited to CVE and NVD details. Defenders should verify product versions, review patch applicability, and assess potential impact based on available information. They should also review relevant monitoring, detection, and logs for exposed assets that need extra review.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-07T21:17:27.750Z and has not been modified since then.