D-Tale affected by Remote Code Execution through the /save-column-filter endpoint

GHSA-c87c-78rc-vmv2 · CVE-2026-27194

Published Feb 19, 2026 · Modified Feb 23, 2026

Description

Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server.

Users should upgrade to version 3.20.0.

There are no workarounds for versions < 3.20.0

Ready to move

Free, no credit card | First findings in minutes