CVE-2026-50124
DataEase prior to version 2.10.23 contains a remote code execution vulnerability triggered by uploading payload.zip via the Excel upload API (/datasource/upload). This creates an H2 datasource using the zip: protocol, and when the SQL dataset path is executed, CalciteProvider.jdbcFetchResultField...