4-Vulnerability Exploit Chain in DataEase
My team found a 4-vulnerability exploit chain allowing unauthenticated RCE on DataEase.
Combined with a previously published vulnerability (CVE-2026-23958), these new vulns complete the attack chain, bypassing JDBC, SQL injection and a Quartz scheduler injection that runs periodically and executes a crafted payload on the machine.
We also have a video showing the exploit PoC in action :)
Read the full blog: