EUVD-2026-10311

Improper Input Validation vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue...

CVE-2026-24015

A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue...

PT-2026-24021

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.6, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.6 and 2.0.7, which fixes the issue...

org.apache.iotdb:client-example (>=2.0.1-beta <=2.0.2-1), org.apache.iotdb:customize-mqtt-example (=2.0.1-beta) +8 more potentially affected by CVE-2025-26864 via org.apache.iotdb:node-commons (>=2.0.1-beta <=2.0.2-1)

org.apache.iotdb:node-commons MAVEN version =2.0.1-beta, =2.0.1-beta, =2.0.1-beta, =2.0.2-1 - org.apache.iotdb:iotdb-distribution =2.0.1-beta - org.apache.iotdb:iotdb-server =2.0.1-beta - org.apache.iotdb:pipe-count-point-processor-example =2.0.1-beta - org.apache.iotdb:trigger-example =2.0.1-bet...

The vulnerability of the iotdb-web-workbench component of the IoT database for Apache IoTDB allows a hacker to escalate their privileges.

The vulnerability of the iotdb-web-workbench component of the IoT database solution from Apache IoTDB is related to deficiencies in the authentication mechanism. Exploiting this vulnerability could allow an attacker to enhance their privileges remotely...