PatchSiren cyber security CVE debrief
CVE-2026-57172 dataease CVE debrief
CVE-2026-57172 is a high-severity vulnerability in DataEase, an open-source data visualization tool. The issue allows attackers to forge linkToken JWTs and gain unauthorized access to backend resources. This vulnerability exists in the ShareSecretManage component of DataEase, where a hardcoded default share link signature key is used. The vulnerability allows an attacker who can obtain a passwordless share for a resource and user to forge linkToken JWTs, bypass TokenFilter verification, and access backend resources as the share creator, even if the original share has been revoked.
- Vendor
- dataease
- Product
- Unknown
- CVSS
- HIGH 8.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-07
- Original CVE updated
- 2026-07-07
- Advisory published
- 2026-07-07
- Advisory updated
- 2026-07-07
Who should care
Users of DataEase versions prior to 2.10.24 should apply the patch to prevent unauthorized access to backend resources. This includes operators, platform administrators, vulnerability management teams, and security teams who manage or monitor DataEase deployments.
Technical summary
The vulnerability exists in the ShareSecretManage component of DataEase, where a hardcoded default share link signature key is used. This allows an attacker who can obtain a passwordless share for a resource and user to forge linkToken JWTs, bypass TokenFilter verification, and access backend resources as the share creator, even if the original share has been revoked. The issue is fixed in version 2.10.24.
Defensive priority
High
Recommended defensive actions
- Apply the patch to update to version 2.10.24 or later
- Review and revoke any existing shares created with the hardcoded key
- Monitor for suspicious activity related to share link signature key usage
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-07-07T21:17:28.223Z and has not been modified since then. The NVD entry is currently 8.3 HIGH. Evidence is limited to CVE and NVD details. Defenders should verify affected product scope, vendor guidance, and potential exposure.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-07T21:17:28.223Z and has not been modified since then.