{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-27194", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-02-18T19:47:02.154Z", "datePublished": "2026-02-21T04:25:38.628Z", "dateUpdated": "2026-02-24T18:58:24.887Z"}, "containers": {"cna": {"title": "D-Tale affected by Remote Code Execution through the /save-column-filter endpoint", "problemTypes": [{"descriptions": [{"cweId": "CWE-74", "lang": "en", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U", "version": "4.0"}}], "references": [{"name": "https://github.com/man-group/dtale/security/advisories/GHSA-c87c-78rc-vmv2", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/man-group/dtale/security/advisories/GHSA-c87c-78rc-vmv2"}, {"name": "https://github.com/man-group/dtale/commit/431c6148d3c799de20e1dec86c4432f48e3d0746", "tags": ["x_refsource_MISC"], "url": "https://github.com/man-group/dtale/commit/431c6148d3c799de20e1dec86c4432f48e3d0746"}], "affected": [{"vendor": "man-group", "product": "dtale", "versions": [{"version": "< 3.20.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-21T04:25:38.628Z"}, "descriptions": [{"lang": "en", "value": "D-Tale is a visualizer for pandas data structures. Versions prior to 3.20.0 are vulnerable to Remote Code Execution through the /save-column-filter endpoint. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. This issue has been fixed in version 3.20.0."}], "source": {"advisory": "GHSA-c87c-78rc-vmv2", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-24T18:58:04.663609Z", "id": "CVE-2026-27194", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-24T18:58:24.887Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-27194", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-24T18:58:04.663609Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-24T18:58:17.152Z"}}], "cna": {"title": "D-Tale affected by Remote Code Execution through the /save-column-filter endpoint", "source": {"advisory": "GHSA-c87c-78rc-vmv2", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH"}}], "affected": [{"vendor": "man-group", "product": "dtale", "versions": [{"status": "affected", "version": "< 3.20.0"}]}], "references": [{"url": "https://github.com/man-group/dtale/security/advisories/GHSA-c87c-78rc-vmv2", "name": "https://github.com/man-group/dtale/security/advisories/GHSA-c87c-78rc-vmv2", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/man-group/dtale/commit/431c6148d3c799de20e1dec86c4432f48e3d0746", "name": "https://github.com/man-group/dtale/commit/431c6148d3c799de20e1dec86c4432f48e3d0746", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "D-Tale is a visualizer for pandas data structures. Versions prior to 3.20.0 are vulnerable to Remote Code Execution through the /save-column-filter endpoint. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. This issue has been fixed in version 3.20.0."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-02-21T04:25:38.628Z"}}}, "cveMetadata": {"cveId": "CVE-2026-27194", "state": "PUBLISHED", "dateUpdated": "2026-02-24T18:58:24.887Z", "dateReserved": "2026-02-18T19:47:02.154Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-02-21T04:25:38.628Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:man:d-tale:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C22AB7C-DD71-409F-92A1-11AD010D1934", "versionEndIncluding": "3.19.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "D-Tale is a visualizer for pandas data structures. Versions prior to 3.20.0 are vulnerable to Remote Code Execution through the /save-column-filter endpoint. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. This issue has been fixed in version 3.20.0."}], "id": "CVE-2026-27194", "lastModified": "2026-02-23T20:47:29.423", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "UNREPORTED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-02-21T05:17:29.123", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/man-group/dtale/commit/431c6148d3c799de20e1dec86c4432f48e3d0746"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/man-group/dtale/security/advisories/GHSA-c87c-78rc-vmv2"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,3.20.0)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "dtale", "source": "cna", "vendor": "man-group"}, "product": "dtale", "vendor": "man-group"}], "analysis": {"en": {"generated_at": "2026-04-17T16:56:10.368077+00:00", "value": {"mitigation_remediation": ["Upgrade D\u2011Tale to version 3.20.0 or later to remove the vulnerability", "Limit access to the /save-column-filter endpoint by requiring authentication or by exposing the service only on an internal network", "If the endpoint is unnecessary, disable or remove it entirely", "Validate and sanitize all input to the endpoint to prevent malformed expressions from executing"], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The vendor \"man-group\" provides the D\u2011Tale application. All releases before version 3.20.0 contain the vulnerability. The fix was introduced in 3.20.0; any deployment of earlier builds is at risk.", "description_and_impact": "D\u2011Tale, a visualizer for pandas data structures, is vulnerable to remote code execution through its /save-column-filter endpoint. An attacker who can reach this endpoint can send a crafted request that causes the server to execute arbitrary code. The weakness is a form of expression injection, as identified by CWE\u201174, allowing execution of unexpected code paths and compromising confidentiality, integrity, and availability of the host system.", "risk_and_exploitability": "The CVSS score of 8.1 indicates a high\u2011severity flaw. The EPSS score is below 1\u202f%, suggesting that an exploit is unlikely at this time, but the vulnerability is not part of the CISA KEV catalog and is still publicly disclosed. Attackers can potentially exploit the endpoint via the internet if the application is publicly reachable, making the remote attack vector plausible. No special network conditions beyond public access are required."}}}}, "created": "2026-02-23T14:32:50.127449+00:00", "updated": "2026-04-17T17:00:10.199959+00:00", "vendors": ["man-group", "man-group$PRODUCT$dtale"]}