High severityNVD Advisory· Published Feb 21, 2026· Updated Feb 24, 2026
D-Tale affected by Remote Code Execution through the /save-column-filter endpoint
CVE-2026-27194
Description
D-Tale is a visualizer for pandas data structures. Versions prior to 3.20.0 are vulnerable to Remote Code Execution through the /save-column-filter endpoint. Users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. This issue has been fixed in version 3.20.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
dtalePyPI | < 3.20.0 | 3.20.0 |
Affected products
2Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-c87c-78rc-vmv2ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2026-27194ghsaADVISORY
- github.com/man-group/dtale/commit/431c6148d3c799de20e1dec86c4432f48e3d0746ghsax_refsource_MISCWEB
- github.com/man-group/dtale/security/advisories/GHSA-c87c-78rc-vmv2ghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.