CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2026-55631

unknowncovered by 1 sourcefirst seen 2026-07-07
DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the font management module allows authenticated users to submit an arbitrary fileTransName when creating a font record; when the record is later deleted, the backend concatenates that stored value with the font storage directory and passes it to FileUtils.deleteFile() without path traversal sanitization, allowing deletion of arbitrary writable files in the application container. This issue is fixed in version 2.10.24.

⚡ Watch CVE-2026-55631

Get an email if CVE-2026-55631 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2026-55631

CVE.org record

Embed the live status

CVE-2026-55631 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2026-55631 status](https://www.csirts.com/badge/CVE-2026-55631)](https://www.csirts.com/cve/CVE-2026-55631)