CVE-2026-32140
Remote Code Execution via IniFile Injection in Dataease JDBC

Publication date: 2026-03-12

Last updated on: 2026-03-13

Assigner: GitHub, Inc.

Description
Dataease is an open source data visualization analysis tool. Prior to 2.10.20, by controlling the IniFile parameter an attacker can force the JDBC driver to load an attacker-controlled configuration file. This configuration file can inject dangerous JDBC properties, leading to remote code execution. The Redshift JDBC driver execution flow reaches a method named getJdbcIniFile, which implements an aggressive automatic configuration file discovery mechanism: if not explicitly restricted, it searches for a file named rsjdbc.ini. In a JDBC URL context, users can explicitly specify the configuration file via URL parameters, which allows arbitrary files on the server to be loaded as JDBC configuration files. Within the Redshift JDBC driver properties, the parameter IniFile is explicitly supported and used to load an external configuration file. This vulnerability is fixed in 2.10.20.
Meta Information
Published: 2026-03-12
Last Modified: 2026-03-13
Generated: 2026-05-07
AI Q&A: 2026-03-12
EPSS Evaluated: 2026-05-05
External references: NVD, EUVD
Affected Vendors & Products
Showing 1 associated CPE
Vendor: dataease
Product: dataease
Version / Range: up to 2.10.20 (excluding)
CWE
CWE-22: The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-32140 is a remote code execution vulnerability in the Redshift JDBC driver used by the DataEase data visualization tool prior to version 2.10.20.

The vulnerability arises because the driver aggressively searches for a configuration file named rsjdbc.ini, including allowing users to specify this file explicitly via the IniFile parameter in the JDBC URL.

An attacker can exploit this by controlling the IniFile parameter to load a malicious configuration file containing dangerous JDBC properties. This can lead to the execution of arbitrary code on the server.

For example, a crafted ini file can abuse Spring's FileSystemXmlApplicationContext to load a remote XML configuration, which triggers remote code execution.

The vulnerability is fixed in DataEase and the Redshift JDBC driver version 2.10.20. [1]


How can this vulnerability impact me?

This vulnerability can allow an attacker to execute arbitrary code remotely on the server running the vulnerable Redshift JDBC driver.

By exploiting the ability to load a malicious configuration file, an attacker can gain control over the affected system, potentially leading to data theft, system compromise, or further attacks within the network.

Since the vulnerability requires no authentication and can be triggered remotely, it poses a high risk to affected systems.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by checking if your system or application is using a vulnerable version of the Redshift JDBC driver or DataEase prior to version 2.10.20.

You can look for JDBC URLs that include the IniFile parameter, which may be exploited to load malicious configuration files.

To detect potential exploitation attempts, monitor network traffic or logs for JDBC URLs containing the IniFile parameter or unusual references to rsjdbc.ini files.

Suggested commands to help detect this vulnerability include:

- Search application configuration files or code for JDBC URLs containing the 'IniFile=' parameter, e.g., using grep: grep -r 'IniFile=' /path/to/application
- Check running processes or logs for usage of vulnerable Redshift JDBC driver versions prior to 2.10.20.
- Monitor network traffic for suspicious JDBC URL parameters or unexpected connections to external resources specified in IniFile configurations. [1]


What immediate steps should I take to mitigate this vulnerability?

The primary and recommended mitigation is to upgrade the Redshift JDBC driver and DataEase to version 2.10.20 or later, where this vulnerability is fixed.

Additionally, restrict or sanitize the IniFile parameter in JDBC URLs to prevent loading of arbitrary or attacker-controlled configuration files.

Implement input validation and filtering on any interfaces that accept JDBC URLs or datasource configurations to block malicious IniFile parameters.

Monitor and audit usage of the IniFile parameter and rsjdbc.ini files to detect and prevent unauthorized modifications or usage.
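As an added example (not part of this advisory or of the DataEase project), the following Python scan implements the detection and sanitization advice above: it extracts JDBC URLs from datasource configuration text and flags any that carry an IniFile parameter or point at an rsjdbc.ini file, comparing parameter names after percent-decoding and case-folding so spelling variants are not missed. The configuration lines and host names are constructed.

```python
import re
from urllib.parse import unquote

# Simple heuristic for a JDBC URL token inside a config or log line (constructed).
JDBC_URL_RE = re.compile(r"""jdbc:[A-Za-z0-9_.+-]+:[^\s'"]+""")


def parse_jdbc_params(url: str) -> dict[str, str]:
    """Return the query parameters of a JDBC URL.

    Keys are percent-decoded and lower-cased so IniFile, inifile and
    Ini%46ile all map to the same key; both '&' and ';' separate pairs.
    """
    if "?" not in url:
        return {}
    query = url.split("?", 1)[1]
    params: dict[str, str] = {}
    for pair in re.split(r"[&;]", query):
        if not pair:
            continue
        key, _, value = pair.partition("=")
        params[unquote(key).strip().lower()] = unquote(value)
    return params


def inifile_findings(url: str) -> list[str]:
    """Reasons to reject or flag a JDBC URL; an empty list means it is clean."""
    params = parse_jdbc_params(url)
    findings = []
    if "inifile" in params:
        findings.append(f"IniFile parameter present: {params['inifile']!r}")
    for key, value in params.items():
        if key != "inifile" and "rsjdbc.ini" in value.lower():
            findings.append(f"reference to rsjdbc.ini in parameter {key!r}")
    return findings


def scan_config(text: str) -> list[tuple[int, str, str]]:
    """Scan config text line by line; return (line number, url, reason) hits."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in JDBC_URL_RE.finditer(line):
            url = match.group(0)
            for reason in inifile_findings(url):
                hits.append((lineno, url, reason))
    return hits


# Constructed sample datasource properties, not taken from any real deployment.
SAMPLE_CONFIG = """\
spring.datasource.url=jdbc:redshift://warehouse.internal:5439/analytics?ssl=true
report.datasource.url=jdbc:redshift://warehouse.internal:5439/dev?IniFile=/opt/app/conf/rsjdbc.ini&ssl=true
legacy.datasource.url=jdbc:mysql://db.internal:3306/app?useSSL=true
"""

if __name__ == "__main__":
    for lineno, url, reason in scan_config(SAMPLE_CONFIG):
        print(f"line {lineno}: {reason} in {url}")
```

The same inifile_findings check can gate a datasource-creation endpoint: refuse any submitted URL for which it returns a non-empty list.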

