D-Tale Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability exists in D-Tale versions prior to 3.20.0, reachable through the /save-column-filter endpoint. It allows attackers to execute arbitrary code on servers that host D-Tale publicly.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where D-Tale is hosted.

Reproduction

The vulnerability can be reproduced by sending a crafted request to the /save-column-filter endpoint with a column filter that includes malicious code, such as Python commands or references to local variables that can be exploited.

Remediation

Users should upgrade to D-Tale version 3.20.0, where this vulnerability has been patched.
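
A log-triage check for the endpoint named above, as an added example that is not part of the original advisory or of D-Tale's code: it finds requests to /save-column-filter in web access logs and marks the ones that came from outside internal address ranges. The Combined Log Format, the internal network list, and the sample lines (including the /dtale/ path prefix and the query string) are assumptions.

```python
import ipaddress
import re
from urllib.parse import unquote, urlsplit

ENDPOINT = "/save-column-filter"  # endpoint named in the advisory

# Assumption: ranges this deployment treats as internal; adjust to your network.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "127.0.0.0/8", "::1/128", "fc00::/7")]

# Assumption: access logs are in Combined Log Format.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def is_external(client):
    """True unless the client is an IP address inside INTERNAL_NETS."""
    try:
        ip = ipaddress.ip_address(client)
    except ValueError:
        return True  # hostname or junk in the client field: treat as untrusted
    return not any(ip in net for net in INTERNAL_NETS)

def find_filter_requests(lines):
    """Return one record per logged request whose path contains ENDPOINT."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = unquote(urlsplit(m["target"]).path)  # drop query, decode %xx
        if ENDPOINT in path:
            hits.append({"client": m["client"], "time": m["time"],
                         "method": m["method"], "path": path,
                         "status": int(m["status"]),
                         "external": is_external(m["client"])})
    return hits

# Constructed sample lines; addresses, paths and the query string are made up.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2026:09:00:01 +0000] "GET /dtale/main/1 HTTP/1.1" 200 5120',
    '10.0.0.5 - - [01/Jan/2026:09:00:03 +0000] "GET /dtale/save-column-filter/1 HTTP/1.1" 200 87',
    '203.0.113.7 - - [01/Jan/2026:09:05:40 +0000] "GET /dtale/save-column-filter/1?k=v HTTP/1.1" 200 91',
    'not an access-log line',
]

if __name__ == "__main__":
    for hit in find_filter_requests(SAMPLE_LOG):
        print("REVIEW" if hit["external"] else "internal", hit)
```

Hits marked external on a host running a D-Tale version prior to 3.20.0 are the ones to review first.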

Added: Feb 21, 2026, 5:21 AM
Updated: Feb 21, 2026, 5:21 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 5.3
remediation: 7.7
relevance: 3.3
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.