CVE-2026-53751
DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the H2 database JDBC URL validation logic can be bypassed with special Unicode characters whose case-conversion behavior differs between DataEase validation and H2 parsing, allowing attackers to smuggle dangerous parameters such as init in malicious H2 JDBC connection strings and achieve arbitrary code execution. This issue is fixed in version 2.10.24.
- SSVC automatable: yes - attacks can be scripted at scale
- ⚠ NVD has not scored this CVE yet - manual triage required (common for recent CVEs)
Exploitation momentum
2 days of EPSSSeverity & exploitation scoring
AV:_/AC:_/... vector string published by NVD.- 07 Jul 2026Published to NVD
- 08 Jul 2026Last modified
ATT&CK techniques
4Techniques this CVE enables. Pills with a solid outline are high confidence - named directly in ATT&CK or Nuclei, or human-curated by CTID; the rest are inferred from the weakness type using MITRE's CVE Mapping Methodology and the CWE → CAPEC chain. Broad, generic-weakness guesses are filtered out. A small N× marks a technique that N independent sources agree on.
CAPEC attack patterns
3Attack patterns this CVE enables - the bridge from weakness to ATT&CK technique.