dbeaver

v26.1.0 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 3d Editors & IDEs

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

ai database databricks db2 dbeaver erd

+12 more

gui java jdbc mysql nosql oracle postgresql redshift snowflake sql sqlite sqlserver

Affected surfaces

rce_ssrf

ReleasePort's take

Moderate signal

editorial:auto 3d

DBeaver version 26.1.0 fixes an XXE Injection vulnerability in the XML Viewer.

Why it matters: The fix addresses a high‑severity (severity 90) security issue; users of DBeaver should upgrade to mitigate potential remote code execution attacks.

Summary

AI summary

Broad release touches Navigator, Connectivity, Miscellaneous, and Development.

Changes in this release

Type	Severity	Summary	CVE
Security	Critical	Fixed XXE Injection in DBeaver XML Viewer Fixed XXE Injection in DBeaver XML Viewer Source: llm_adapter@2026-05-31 Confidence: high	—
Feature
Feature	Medium	Added support for double-curly SQL parameters in SQL Editor Added support for double-curly SQL parameters in SQL Editor Source: llm_adapter@2026-05-31 Confidence: high	—
Feature	Medium	Added shortcuts 'Shift+Alt+Insert' and 'Ctrl+Shift+Alt+Insert' in Data Editor Added shortcuts 'Shift+Alt+Insert' and 'Ctrl+Shift+Alt+Insert' in Data Editor Source: llm_adapter@2026-05-31 Confidence: high	—
Feature	Medium	Added ability to hide filters in Data Editor Added ability to hide filters in Data Editor Source: llm_adapter@2026-05-31 Confidence: high	—
Feature	Medium	Added 'Insert new rows' option in Advanced Copy of Data Editor Added 'Insert new rows' option in Advanced Copy of Data Editor Source: llm_adapter@2026-05-31 Confidence: high	—
Feature	Medium	Jump servers settings now update on the fly in Connectivity Jump servers settings now update on the fly in Connectivity Source: llm_adapter@2026-05-31 Confidence: high	—
Feature	Medium	Added support for GizmoSQL driver Added support for GizmoSQL driver Source: llm_adapter@2026-05-31 Confidence: high	—
Feature	Low	Added AI assistant support for new OpenAI codex models with GitHub Copilot Added AI assistant support for new OpenAI codex models with GitHub Copilot Source: granite4.1:30b@2026-05-31-audit Confidence: low	—
Feature	Low	Improved import from DataGrip for Snowflake, BigQuery and other non-standard connections Improved import from DataGrip for Snowflake, BigQuery and other non-standard connections Source: granite4.1:30b@2026-05-31-audit Confidence: low	—
Feature	Low	Added 'supports-ddl-transactions' parameter for custom generic drivers to configure DDL transaction support Added 'supports-ddl-transactions' parameter for custom generic drivers to configure DDL transaction support Source: granite4.1:30b@2026-05-31-audit Confidence: low	—
Feature	Low	Enabled opening schemas with hyphen in name for Databricks Enabled opening schemas with hyphen in name for Databricks Source: granite4.1:30b@2026-05-31-audit Confidence: low	—
Feature	Low	Result tabs in Oracle are named depending on the executed query Result tabs in Oracle are named depending on the executed query Source: granite4.1:30b@2026-05-31-audit Confidence: low	—
Dependency	Low	Updated Redshift driver to version 2.2.6 Updated Redshift driver to version 2.2.6 Source: granite4.1:30b@2026-05-31-audit Confidence: low	—
Bugfix
Bugfix	Medium	Fixed spatial data appearing grayed in Spatial viewer Fixed spatial data appearing grayed in Spatial viewer Source: llm_adapter@2026-05-31 Confidence: high	—
Bugfix	Medium	Fixed newly created object deletion after Navigator refresh Fixed newly created object deletion after Navigator refresh Source: llm_adapter@2026-05-31 Confidence: high	—
Bugfix	Medium	Fixed incorrect HTML export when only one of "Table header" or "Column headers" was enabled in Data Transfer Fixed incorrect HTML export when only one of "Table header" or "Column headers" was enabled in Data Transfer Source: llm_adapter@2026-05-31 Confidence: high	—
Bugfix	Medium	Fixed multiple content disappearance issues in Task Management wizard pages Fixed multiple content disappearance issues in Task Management wizard pages Source: granite4.1:30b@2026-05-31-audit Confidence: low	—
Bugfix	Medium	Fixed build failures caused by non-English default JVM locales on developer machines Fixed build failures caused by non-English default JVM locales on developer machines Source: granite4.1:30b@2026-05-31-audit Confidence: low	—
Bugfix	Low	Fixed item count disappearance after refreshing Metadata Editor Fixed item count disappearance after refreshing Metadata Editor Source: granite4.1:30b@2026-05-31-audit Confidence: low	—
Bugfix	Low	Keeps Copy button disabled until DDL generation completes in Generate DDL dialog Keeps Copy button disabled until DDL generation completes in Generate DDL dialog Source: granite4.1:30b@2026-05-31-audit Confidence: low	—
Bugfix	Low	Fixed white background issue of vertical tabs and toolbar items in Dark theme Fixed white background issue of vertical tabs and toolbar items in Dark theme Source: granite4.1:30b@2026-05-31-audit Confidence: low	—
Bugfix	Low	Fixed incorrect presentation of multiple query results in BigQuery Fixed incorrect presentation of multiple query results in BigQuery Source: granite4.1:30b@2026-05-31-audit Confidence: low	—
Bugfix	Low	Fixed LIST array presentation in Data Editor for DuckDB Fixed LIST array presentation in Data Editor for DuckDB Source: granite4.1:30b@2026-05-31-audit Confidence: low	—
Bugfix	Low	Fixed Execution plan opening for Microsoft Fabric Fixed Execution plan opening for Microsoft Fabric Source: granite4.1:30b@2026-05-31-audit Confidence: low	—
Other	Low	Improved French localization Improved French localization Source: granite4.1:30b@2026-05-31-audit Confidence: low	—

Full changelog

            - SQL Editor:
                - Added support for double-curly SQL parameters[#40914] (thanks to @namoguy)
          	- AI assistant: Added support for new OpenAI codex models with the GitHub Copilot
          	- Metadata Editor:
                - Fixed an issue where the item count disappeared after refreshing the editor (thanks to @jack-stormentswe)
          	- Data Editor:
          	    - Added new shortcuts: 'Shift+Alt+Insert' inserts a row before the current,  'Ctrl+Shift+Alt+Insert' duplicates a row and inserts before the current row (thanks to @jack-stormentswe)
          	    - Added the ability to hide filters (thanks to @EastLord)
          	    - Added the "Insert new rows" option to Advanced Copy, allowing users to insert new rows without replacing existing ones
                - Fixed an issue when some spatial data was displayed as grayed in the Spatial viewer
          	- Navigator: Fixed an issue when the newly created object was deleted after the refresh (thanks to @Desel72)
            - Connectivity: Jump servers settings are now updated on the fly (thanks to @jack-stormentswe)
          	- Data Transfer: Fixed incorrect export to HTML format when only one of the "Table header" or "Column headers" options was enabled (thanks to @boskodev790)
          	- Task Management: Fixed multiple issues where content could disappear on some tool pages inside the Task wizard
            - Security: Fixed XXE Injection in DBeaver XML Viewer
          	- New drivers: Added support for GizmoSQL driver (thanks to @prmoore77)
          	- Miscellaneous:
          	    - The Copy button in the Generate DDL dialog now remains disabled until DDL generation is complete (thanks to @dhgoal)
                - Fixed an issue with white background of vertical tabs and some toolbar items in the Dark theme
          	    - Improved import from DataGrip for Snowflake, BigQuery and other non-standard connections (thanks to @a3894281)
                - Added the 'supports-ddl-transactions' parameter for custom generic drivers to configure DDL transaction support (thanks to @popsiclelmlm)
            - Development: Fixed build failures caused by non-English default JVM locales on developer machines (thanks to @EastLord)
          	- Databases:
                - BigQuery: Fixed the incorrect presentation of multiple query results (thanks to @EastLord)
          	    - DuckDB: Fixed  LIST array presentation in the Data Editor (thanks to @EastLord)
          	    - Databricks: Fixed the ability to open schemas with a hyphen in the name (thanks to @tonicebrian)
                - Microsoft Fabric: Fixed Execution plan opening
          	    - Oracle: Result tabs are named depending on the executed query (thanks to @EastLord)
          	    - Redshift driver was updated to version 2.2.6
          	- Localization: French localization was improved (thanks to @Jean-BaptisteC)

Security Fixes

Fixed XXE Injection vulnerability in DBeaver XML Viewer

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track dbeaver

Get notified when new releases ship.

About dbeaver

Free universal database tool and SQL client

All releases →

dbeaver

ReleasePort's take

Summary

Changes in this release

Security Fixes

Related context

Related tools