CVE-2026-40008
CVE-2026-40008 concerns Apache IoTDB and is caused by the pipe processor reading a fully-qualified Java class name and calling Class.forName().newInstance() without validation or allowlisting (Unsafe Reflection). Affected versions are 1.0.0 up to, but not including, 2.0.10. The issue enables arbi...