CVE-2026-27194

9.8 CRITICAL

📋 TL;DR

CVE-2026-27194 is a remote code execution vulnerability in D-Tale's /save-column-filter endpoint that allows attackers to execute arbitrary code on vulnerable servers. This affects users who publicly expose D-Tale instances. The vulnerability stems from improper input validation (CWE-74) in D-Tale, a tool for visualizing pandas data structures.

💻 Affected Systems

Products:
  • D-Tale
Versions: All versions prior to 3.20.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects publicly accessible D-Tale instances. Local-only deployments are not vulnerable to remote exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete server compromise allowing data theft, lateral movement, ransomware deployment, and persistent backdoor installation.

🟠 Likely Case: Unauthorized data access, system manipulation, and potential credential harvesting from the compromised server.

🟢 If Mitigated: Limited impact with proper network segmentation and minimal exposed attack surface.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to the vulnerable endpoint; no authentication is required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.20.0

Vendor Advisory: https://github.com/man-group/dtale/security/advisories/GHSA-c87c-78rc-vmv2

Restart Required: Yes

Instructions:

1. Stop the D-Tale service.
2. Update D-Tale: pip install --upgrade dtale==3.20.0
3. Restart the D-Tale service.

🔧 Temporary Workarounds

Network Restriction (Linux)

Restrict access to D-Tale to trusted IPs only using firewall rules.

iptables -A INPUT -p tcp --dport [D-TALE_PORT] -s [TRUSTED_IP] -j ACCEPT
iptables -A INPUT -p tcp --dport [D-TALE_PORT] -j DROP

Endpoint Disable (all platforms)

Disable the vulnerable /save-column-filter endpoint if not required.

Modify D-Tale configuration to remove or restrict the endpoint

🧯 If You Can't Patch

  • Isolate D-Tale instance in a restricted network segment with no internet access
  • Implement web application firewall (WAF) rules to block malicious payloads targeting the endpoint

🔍 How to Verify

Check if Vulnerable:

Check D-Tale version: if version < 3.20.0 and endpoint is publicly accessible, system is vulnerable.

Check Version:

python -c "import dtale; print(dtale.__version__)"

Verify Fix Applied:

Confirm D-Tale version is 3.20.0 or higher and test endpoint with safe payloads.

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to /save-column-filter endpoint
  • Suspicious command execution patterns in system logs

Network Indicators:

  • Unexpected outbound connections from D-Tale server
  • Anomalous payloads to port 40000 (default D-Tale port)

SIEM Query:

source="*dtale*" AND (url="/save-column-filter" OR method="POST") AND (payload="*exec*" OR payload="*system*" OR payload="*subprocess*")
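
The version check and the log indicator above, as an added Python example that is not part of the advisory or of D-Tale: it compares a version string numerically against 3.20.0 and lists access-log requests to /save-column-filter, flagging clients outside a trusted range. The combined-log line layout, the /dtale/ path prefix in the sample lines and the trusted range are assumptions.

```python
import ipaddress
import re

ENDPOINT = "/save-column-filter"   # endpoint named in the advisory
FIXED = (3, 20, 0)                 # first patched release per the advisory

# Assumed layout: ip - - [timestamp] "METHOD path PROTO" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def is_vulnerable(version: str) -> bool:
    """True if a dtale version string is older than 3.20.0 (numeric compare;
    pre-release suffixes are ignored)."""
    parts = [int(p) for p in re.findall(r"\d+", version)[:3]]
    parts += [0] * (3 - len(parts))
    return tuple(parts) < FIXED

def find_hits(lines, trusted_nets):
    """Return every request to the endpoint, marking clients outside trusted_nets."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue               # not an access-log entry (e.g. a traceback line)
        ip, ts, method, path, status = m.groups()
        if ENDPOINT not in path.split("?", 1)[0]:
            continue               # match on the path only, not the query string
        try:
            untrusted = not any(ipaddress.ip_address(ip) in n for n in nets)
        except ValueError:
            untrusted = True       # client field is not an IP: treat as untrusted
        hits.append({"ip": ip, "time": ts, "method": method,
                     "status": int(status), "untrusted": untrusted})
    return hits

# Constructed sample log lines (private and documentation address ranges).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Mar/2026:10:00:01 +0000] "GET /dtale/main/1 HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Mar/2026:10:00:09 +0000] "GET /dtale/save-column-filter/1?col=a HTTP/1.1" 200 64',
    '203.0.113.7 - - [01/Mar/2026:10:02:44 +0000] "POST /dtale/save-column-filter/1 HTTP/1.1" 200 64',
    'Traceback (most recent call last):',
]

if __name__ == "__main__":
    print("dtale 3.19.1 vulnerable:", is_vulnerable("3.19.1"))
    for hit in find_hits(SAMPLE_LOG, ["10.0.0.0/8"]):
        print(hit)
```

The numeric comparison matters because a plain string comparison would rank 3.9.0 above 3.20.0.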
