CVSS 9.83 sources verified·1 min read
By Lyrie Threat Intelligence·6/17/2026
CRITICAL: CVE-2023-33963 (CVSS 9.8) — dataease dataease
CVE: CVE-2023-33963
CVSS: 9.8 (3.1) — CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL
Status: Critical advisory
Affected
- dataease dataease
Summary
DataEase is an open source data visualization and analysis tool. Prior to version 1.18.7, a deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The vulnerability has been fixed in v1.18.7. There are no known workarounds aside from upgrading.
Verified Sources
References
- https://github.com/dataease/dataease/releases/tag/v1.18.7
- https://github.com/dataease/dataease/security/advisories/GHSA-m26j-gh4m-xh9f
- https://github.com/dataease/dataease/releases/tag/v1.18.7
- https://github.com/dataease/dataease/security/advisories/GHSA-m26j-gh4m-xh9f
_Validated by the Lyrie Threat Intelligence Pipeline — 3 independent sources confirmed before publication. No speculation._
Lyrie Verdict
A vulnerability of this severity is exactly what Lyrie's anti-rogue-AI defense is built for: continuous, autonomous monitoring that doesn't wait for human reaction time.
Validated sources
- [1]NVD
- [2]GitHub Advisory
- [3]MITRE
Related Articles
cve deepdive
CRITICAL: CVE-2026-46858 (CVSS 9.1) — oracle application performance management
1 min read · 3 sources
cve deepdive
CRITICAL: CVE-2026-46789 (CVSS 9.6) — oracle webcenter content
1 min read · 3 sources
cve deepdive
CRITICAL: CVE-2026-46784 (CVSS 9.1) — oracle webcenter content
1 min read · 3 sources