CVE-2026-33082

DataEase (open source data visualization tool) has a SQL injection vulnerability in the dataset export feature for versions 2.10.20 and earlier. The issue arises in the POST /de2api/datasetTree/exportDataset flow where expressionTree is deserialized into a filtering object and fed to WhereTree2St...