5 matches found
CVE-2026-40006
CVE-2026-40006 affects Apache IoTDB: when pipe_air_gap_receiver_enabled is true, the IoTDB AirGap pipe receiver accepts raw TCP connections on port 9780 without authentication. The readLength method reads an attacker-controlled 32-bit integer from the socket and passes it to new byte[length] with...
CVE-2026-24012
Uncontrolled Resource Consumption vulnerability in Apache IoTDB. Some interface fails to impose reasonable limits on the time span and aggregation interval of the query. An attacker can construct a request with extreme parameters e.g., a very large time range combined with a minimal interval. Thi...
PT-2026-24021
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.6, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.6 and 2.0.7, which fixes the issue...
org.apache.iotdb:client-example (>=2.0.1-beta <=2.0.2-1), org.apache.iotdb:customize-mqtt-example (=2.0.1-beta) +8 more potentially affected by CVE-2025-26864 via org.apache.iotdb:node-commons (>=2.0.1-beta <=2.0.2-1)
org.apache.iotdb:node-commons MAVEN version =2.0.1-beta, =2.0.1-beta, =2.0.1-beta, =2.0.2-1 - org.apache.iotdb:iotdb-distribution =2.0.1-beta - org.apache.iotdb:iotdb-server =2.0.1-beta - org.apache.iotdb:pipe-count-point-processor-example =2.0.1-beta - org.apache.iotdb:trigger-example =2.0.1-bet...
The vulnerability of the iotdb-web-workbench component of the IoT database for Apache IoTDB allows a hacker to escalate their privileges.
The vulnerability of the iotdb-web-workbench component of the IoT database solution from Apache IoTDB is related to deficiencies in the authentication mechanism. Exploiting this vulnerability could allow an attacker to enhance their privileges remotely...