Skip to content
Verified reproduction

CVE-2026-40900: DataEase: stacked-query SQL injection via previewSql with allowMultiQueries

CVE-2026-40900 is verified against dataease · github affected versions: <= v2.10.20 fixed version: v2.10.21 vulnerability class: SQLi This high reproduction includes runnable sandbox proof, artifacts, and a plain-text agent view under REPRO-2026-00169.

REPRO-2026-00169 dataease · github SQLi Variant found May 26, 2026 CVE entry .txt
Severity HIGH
Confidence HIGH
Reproduced in 58m 29s
Tool calls 582
Spend $11.11
Affected <= v2.10.20
Fixed in v2.10.21
$ pruva-verify REPRO-2026-00169
or curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00169/artifacts/bundle/repro/reproduction_steps.sh && chmod +x reproduction_steps.sh && ./reproduction_steps.sh
Run in a VM or disposable container. This exploits a real vulnerability.
02 · The vulnerability

DataEase's "preview SQL" endpoint takes user-supplied SQL meant to represent a dataset's source query and wraps it inside a subquery, roughly:

SELECT * FROM ( <USER_SQL> ) AS pruva_alias LIMIT 100

The server does NOT validate that the user input is a single SELECT statement. When the underlying MySQL JDBC connection has allowMultiQueries=true (set on the JDBC URL of the configured datasource), a crafted payload using MySQL's # comment terminator can escape the wrapping subquery and execute arbitrary stacked statements. Example payload:

SELECT 1 FROM dual) AS x; INSERT INTO core_msg_type (id, name, pid) VALUES (999999999, 'pwned-by-cve-2026-40900', 0)#

After the server's SELECT * FROM ( ... ) AS pruva_alias LIMIT 100 wrap is applied this becomes a perfectly valid multi-statement script: the first statement is a benign SELECT, the second statement is the attacker's side-effecting query, and the trailing # swallows the remainder of the wrapper (closing paren, alias, LIMIT). With allowMultiQueries=true MySQL runs both statements and the INSERT/UPDATE/DELETE commits to the application database.

In the full chain documented by Ox Security (auth bypass CVE-2026-23958 -> JDBC blocklist bypass CVE-2026-40899 -> this CVE -> Quartz scheduler RCE) the attacker uses CVE-2026-40899 to plant allowMultiQueries=true in the JDBC URL of a datasource. For a standalone reproduction of CVE-2026-40900 we can shortcut that step by registering the datasource with allowMultiQueries=true manually (as admin) - the bug under test is the missing single-statement enforcement in previewSql.

03 · Root cause
Variant analysis
04 · Reproduction transcript

The agent's step-by-step process — every tool call, every handoff, the moment the exploit fired. Phases: support triages the advisory · repro reproduces it · vuln_variant confirms the fix blocks it · judge verifies.

Loading session...

05 · Artifacts

Scripts, logs, diffs, and output captured during the reproduction.

bundle/context.json4.7 KB
bundle/metadata.json0.8 KB
bundle/ticket.md7.1 KB
bundle/repro/my.cnf0.1 KB
bundle/repro/init.sql0.1 KB
bundle/repro/rca_report.md5.5 KB
bundle/repro/patch_analysis.md3.1 KB
bundle/repro/docker-compose.yml1.0 KB
bundle/repro/application.yml0.6 KB
bundle/repro/reproduction_steps.sh11.9 KB
bundle/repro/validation_verdict.json1.5 KB
bundle/vuln_variant/root_cause_equivalence.json1.6 KB
bundle/vuln_variant/rca_report.md8.9 KB
bundle/vuln_variant/patch_analysis.md4.1 KB
bundle/vuln_variant/docker-compose.yml1.4 KB
bundle/vuln_variant/variant_manifest.json3.2 KB
bundle/vuln_variant/runtime_manifest.json1.0 KB
bundle/vuln_variant/reproduction_steps.sh12.3 KB
bundle/vuln_variant/validation_verdict.json4.0 KB
bundle/vuln_variant/source_identity.json0.8 KB
bundle/logs/variant3_v2.10.21_create.json0.9 KB
bundle/logs/variant1_v2.10.20_exploit.json0.8 KB
bundle/logs/variant3_v2.10.21_baseline.json0.8 KB
bundle/logs/variant2_v2.10.20_exploit.json0.3 KB
bundle/logs/variant_run.log4.2 KB
bundle/logs/variant_run7.log2.7 KB
bundle/logs/variant3_v2.10.20_exploit.json0.1 KB
bundle/logs/variant3_v2.10.21_exploit.json0.2 KB
bundle/logs/variant_run5.log0.9 KB
bundle/logs/variant_run4.log0.9 KB
bundle/logs/v2.10.20_validate.json0.6 KB
bundle/logs/variant3_v2.10.20_baseline.json0.8 KB
bundle/logs/variant_run3.log0.8 KB
bundle/logs/variant2_v2.10.21_exploit.json0.3 KB
bundle/logs/variant_run2.log0.8 KB
bundle/logs/v2.10.21_create_datasource.json0.9 KB
bundle/logs/variant1_v2.10.20_create.json0.9 KB
bundle/logs/variant_v2.10.21_docker.log0.6 KB
bundle/logs/v2.10.21_exploit.json0.0 KB
bundle/logs/variant2_v2.10.20_create.json0.9 KB
bundle/logs/variant_v2.10.20_docker.log0.6 KB
bundle/logs/variant2_v2.10.21_create.json0.9 KB
bundle/logs/v2.10.21_validate.json0.1 KB
bundle/logs/variant1_v2.10.21_create.json0.9 KB
bundle/logs/v2.10.20_exploit.json0.7 KB
bundle/logs/variant3_v2.10.20_create.json0.9 KB
bundle/logs/variant_run6.log2.7 KB
bundle/logs/variant_run8.log2.8 KB