📊 HiddenMerit Daily · Issue 30

Focus on Database Frontiers, Practical Insights for DBAs May 26, 2026 ｜ 5 Selected Global Breaking News

01｜Dameng DM9 Deepens Financial Xinchuang: Insurance Asset Valuation Batch Processing Efficiency Up 10x, Securities Core System Domestic Breakthrough

During the 2026 Yinsheng Financial Technology Summit held from May 22 to 24, Dameng attended as a long-term deep strategic partner of Yinsheng. The two parties reached multiple strategic consensus on technology collaboration, scenario implementation, and joint solution development. Yan Heng, General Manager of Dameng’s Financial Division, delivered a speech titled “From Replacement to Leadership: Independent Database Technology Protects Financial Core Systems with Innovation,” focusing on the next-generation enterprise-level intelligent integrated database DM9.

According to the latest CCID Consulting report, Dameng firmly ranks first among domestic vendors in China’s financial industry centralised database market, taking the top position across all three sub‑markets: banking, insurance, and securities. Key case data highlights include:

• Insurance sector: In a large insurance asset valuation and accounting system project, leveraging Dameng for full‑stack independent optimisation, automated valuation batch processing efficiency increased by 10x, with processing time reduced from 2 hours to 15-20 minutes, stably supporting massive business data and large‑value fund flows. This achievement won the “2024 Digital China Innovation Contest” Xinchuang Track Technology Innovation Award.

• Securities sector: Dameng, in collaboration with Yinsheng, supported the construction of Guotai Haitong Securities’ asset management system. As the first large‑scale securities firm to pilot domestic valuation system replacement, its insurance valuation and other systems have gone live on Dameng, with other systems being progressively adapted.

• DBA Perspective: Dameng has delivered an exceptionally weighty “report card” in financial Xinchuang. Reducing batch processing from 2 hours to 15-20 minutes – a 10x efficiency improvement – is not incremental optimisation but a qualitative leap from architectural redesign. For DBAs planning financial Xinchuang projects, Dameng DM9’s real‑world data in high‑load scenarios like valuation and asset management can serve as a key reference for technology selection arguments. DBAs are advised to study how DM9’s “centralised and distributed integration” architecture achieves this performance breakthrough.

• CTO Perspective: Dameng ranking first across banking, insurance, and securities sub‑markets, combined with deep integration with core ISVs like Yinsheng, signals that the “technical ecosystem closed loop” for financial Xinchuang is rapidly taking shape. When selecting domestic solutions for financial core systems, CTOs now have access to full‑stack joint solutions from Dameng covering database to application layer, significantly reducing coordination costs from multiple vendors.

• Investor Perspective: A 10x efficiency gain and the first‑of‑its‑kind valuation system replacement at a securities firm – these are not proofs of concept but large‑scale delivery cases recognised by authoritative awards. Dameng’s moat in the financial industry is extending from product performance to the dual dimensions of “ecosystem depth + benchmark cases.” Secondary markets should continue to monitor Dameng’s penetration progress into financial core transaction systems.

Source: Dameng Data Financial Technology Summit Disclosures

02｜KingbaseES V9 CMS Real‑World Test: TPS ↑30%, Storage Cost ↓48%, Xinchuang Migration Enters “Cost Reduction & Efficiency Gain” Deep Zone

CETC Kingware (formerly Renda Kingware) recently disclosed real‑world migration validation data for KingbaseES V9 at a leading news website’s Content Management System (CMS). The system handles tens of millions of daily page views. After migration, key metrics are as follows:

Source: KingbaseES V9 Real‑World Test Report, 4‑node cluster, single node 32‑core CPU/128GB RAM, all‑flash array.

• DBA Perspective: These figures are worth careful study – a 30% TPS increase paired with a 48% reduction in storage costs means that for the same business scale, hardware budgets could be cut by nearly half while still achieving a net performance gain. The 73% reduction in full‑text search latency (from 450ms to 120ms) demonstrates Kingware’s kernel‑level optimisation for unstructured data processing (news CMS involves大量图文混排, XML/JSON metadata). For DBAs conducting database selection evaluations, this real‑world data serves as a reference benchmark for cost‑performance trade‑offs.

• CTO Perspective: The greatest value of Kingware’s CMS case is that it proves “domestic replacement does not mean performance compromise.” In real‑world high‑concurrency scenarios, KingbaseES V9 not only achieved smooth migration but also delivered a 30% TPS increase and near‑halving of TCO. This provides technology decision‑makers still in the观望 phase with a powerful quantitative decision‑making basis.

• Investor Perspective: A 48% storage cost reduction validates Kingware’s quantifiable technical premium in database kernel compression algorithms and storage engine optimisation. For Kingware, whose customers are mainly government and enterprises, this kind of “cost reduction + efficiency gain” real‑world data is the most powerful weapon in sales. The replacement demand for existing databases across national government agencies and central SOEs is enormous. If Kingware can continue to deliver such benchmark cases, its market share growth can be anticipated.

Source: CETC Kingware Tech Blog

03｜CITIC Securities CAP Account Platform Procures TDSQL: Another Milestone for Head Broker Core System Xinchuang

On May 25, CITIC Securities officially issued the “Procurement Results Announcement for TDSQL Xinchuang Database Software for the 2026 CAP Account Platform Construction Project,” with the winning supplier being Tencent Cloud Computing (Beijing) Co., Ltd., procured through single‑source negotiation. This is another landmark event for domestic replacement of core systems at a leading securities firm, following numerous financial institutions’ procurement of domestic databases.

The CAP Account Platform is one of a securities firm’s core business systems, carrying critical functions such as customer asset management and account accounting. CITIC Securities, as a leading institution in China’s securities industry, choosing TDSQL as the database foundation for its CAP Account Platform marks deepening penetration of Tencent Cloud TDSQL into securities core systems.

• DBA Perspective: CITIC Securities’ choice of TDSQL is not accidental. Previous Xinchuang procurements mostly piloted non‑core systems, but the CAP Account Platform is a core business system with extremely high demands for transaction consistency, high availability, and disaster recovery. TDSQL being selected through single‑source negotiation demonstrates that its distributed database’s maturity in financial core scenarios has gained technical recognition from a leading institution. For DBAs specialising in finance, TDSQL’s distributed transaction implementation and failover mechanisms are modules worth studying in depth.

• CTO Perspective: A leading securities firm adopting a domestic database for its core system is a clear signal that financial Xinchuang is moving from “peripheral replacement” to “core breakthrough.” CITIC Securities using single‑source negotiation rather than public bidding indicates that it has formed a clear judgment on the technology path, eliminating the need for comparison across multiple vendors. This is a strong “vote of confidence” for TDSQL and provides a reference benchmark for other securities firms’ technology selections.

• Investor Perspective: Core system orders from leading securities firms are both scarce and highly symbolic. The single‑source procurement for CITIC Securities’ CAP Account Platform means that TDSQL’s barriers in securities core systems are being established. Going forward, attention should be paid to the cadence of TDSQL orders in other financial sub‑sectors such as banking and insurance.

Source: CITIC Securities Procurement Announcement

04｜ChromaDB “ChromaToast” Critical Vulnerability Continues to Escalate: 14M‑Download Vector Database, 73% of Public Instances Exposed to RCE Risk

The open‑source vector database ChromaDB has been disclosed to have a highest‑severity security vulnerability, numbered CVE-2026-45829, nicknamed “ChromaToast.” The vulnerability allows an unauthenticated attacker to execute arbitrary code on servers exposed to the internet, posing a full remote code execution (RCE) risk.

The vulnerability was discovered by security company HiddenLayer. The core issue is a logic flaw in the order of authentication checks and model loading in ChromaDB’s Python FastAPI version server – the system allows loading and running embedding models before performing authentication checks. Attackers can craft specific requests abusing the trust_remote_code: true parameter to force ChromaDB to pull malicious models from the Hugging Face platform and execute them locally on the server.

ChromaDB’s PyPI package has nearly 14 million monthly downloads. The vulnerability was introduced in ChromaDB version 1.0.0 and remains unpatched as of version 1.5.8. HiddenLayer’s investigation shows that among public ChromaDB instances indexed by Shodan, over 73% are still running vulnerable versions. More concerning, HiddenLayer researchers have repeatedly tried to contact ChromaDB developers since February 17 but have received no response.

• DBA Perspective: The ChromaDB vulnerability brutally declares that vector database security cannot rely solely on “community faith.” When building RAG applications with such emerging components, DBAs must proactively take on the responsibility of pre‑deployment security reviews. Urgent actions: first, identify ChromaDB instances exposed to the public internet; second, switch to the Rust frontend version for deployment; third, restrict access to only trusted IPs. A more fundamental lesson: “supply chain security” for AI infrastructure must be included in DBAs’ daily monitoring scope.

• CTO Perspective: A “star project” with 14 million monthly downloads receiving no response to vulnerability reports for three months exposes the security governance shortcomings in the open‑source AI component supply chain. When selecting AI infrastructure components, technical managers must include “security response capability” in their vendor evaluation systems, avoiding reliance on “unmaintained” open‑source components for critical business.

• Investor Perspective: The ChromaToast vulnerability highlights the governance dilemma of “star project, amateur team” in the AI open‑source ecosystem. This means that enterprise customers will increasingly value the “backstop capability” of commercial support teams when procuring AI infrastructure. Vector database companies with complete commercial service systems (such as Pinecone, Zilliz) and security compliance service providers are likely to see increased orders from this wave of security anxiety.

Source: Zixunren Tech News & DBAPPSecurity

05｜Kingbase Time‑Series Database V9 Real‑World Test: Million‑Writes + Millisecond Queries, Xinchuang Time‑Series Capabilities Break Through

According to IDC forecasts, by 2026, over 50% of globally generated data will be unstructured or semi‑structured time‑series data, with 70% of real‑time decision‑making needs relying on millisecond‑level data response capabilities. CETC Kingware recently disclosed real‑world test results of KingbaseES V9 in industrial time‑series data scenarios: under high‑concurrency write tests, it maintained millisecond‑level real‑time query response even with millions of writes per second, with query latency fluctuation below 5%.

KingbaseES V9 has undergone deep kernel modifications for time‑series data. By introducing efficient compression algorithms and partition table mechanisms, using multi‑version concurrency control (MVCC) and adaptive partition strategies, it can automatically identify hot and cold distribution of time‑series data – keeping frequently accessed recent data in memory while archiving historical data to low‑cost storage layers. In test environments, KingbaseES V9 simultaneously supports high‑frequency transaction writes and complex analytical queries, achieving a “write‑aggregate‑query” integrated architecture.

• DBA Perspective: Time‑series data is moving from a “niche area” to the “main battlefield” of data. By 2026, time‑series data will account for half of global data volume, meaning DBAs must quickly fill their knowledge gaps about time‑series databases – including the underlying design of time‑series storage engines, down‑sampling strategies, data hot/cold separation, and data retention policies. KingbaseES V9’s real‑world test data (millions of writes + millisecond queries + fluctuation <5%) provides a reference for DBAs selecting time‑series databases in scenarios such as industrial internet, energy dispatch, and smart manufacturing.

• CTO Perspective: The forecast that time‑series data will exceed 50% of data volume confirms the judgment that “time‑series data is the record of all digital movement processes.” When planning data architecture, CTOs should prioritise databases with multi‑modal convergence capabilities (time‑series + relational + vector) rather than maintaining highly complex architectures that “patch together multiple databases.” KingbaseES V9’s HTAP integration capability is particularly suitable for real‑time scenarios requiring “produce, compute, and decide at the same time.”

• Investor Perspective: The time‑series database track is facing a “structural” growth inflection point – demand from industrial internet, smart grids, autonomous driving, and connected vehicles is shifting from “optional” to “mandatory.” Vendors with experience in industrial‑scenario time‑series migration and integrated multi‑modal capabilities are likely to capture significant market share in this wave of time‑series data growth. IDC’s prediction that time‑series data will account for half of global data provides macro‑level support for the valuation of time‑series database companies.

Source: CETC Kingware Time‑Series Database Tech Blog

📅 Recent Database Hot Topics Recap

📌 Issue Summary

HiddenMerit Team Production Slogan: 绩优隐于内，金石启新程 | Hidden deep. Merit bold. Forge ahead.