Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.1
D-Tale: Publicly Hosted Sites at Risk of Malicious Code Execution
CVE-2026-27194
GHSA-c87c-78rc-vmv2
Summary
D-Tale users hosting their sites publicly may be at risk if they haven't updated to the latest version. This could allow attackers to run malicious code on the server. To protect your site, update to version 3.20.0 or later.
What to do
- Update dtale to version 3.20.0.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | dtale | <= 3.20.0 | 3.20.0 |
| man | d-tale | <= 3.19.1 | – |
Original title
D-Tale affected by Remote Code Execution through the /save-column-filter endpoint
Original description
### Impact
Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server.
### Patches
Users should upgrade to version 3.20.0.
### Workarounds
There are no workarounds for versions < 3.20.0
Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server.
### Patches
Users should upgrade to version 3.20.0.
### Workarounds
There are no workarounds for versions < 3.20.0
nvd CVSS3.1
9.8
nvd CVSS4.0
8.1
Vulnerability type
CWE-74
Injection
Published: 19 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026