CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/03/10 2:8 p.m.•5 views

CVE-2026-24015

A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue...

vulnersOsv•added 2026/03/09 9:30 a.m.•4 views

org.apache.iotdb:client-example (>=1.1.2 <=1.3.6), org.apache.iotdb:customize-mqtt-example (>=1.0.0 <=1.3.3) +17 more potentially affected by CVE-2026-24015 via org.apache.iotdb:node-commons (>=1.0.0 <=1.3.6)

org.apache.iotdb:node-commons MAVEN version =1.0.0, =1.1.2, =1.0.0, =1.2.2, =1.2.2, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.3.0, =1.0.0, =1.1.2 and more Source cves: CVE-2026-24015 Source advisory: SNYK:JAVA-ORGAPACHEIOTDB-15518633...

vulnersOsv•added 2026/03/09 9:30 a.m.•12 views

org.apache.iotdb:customize-mqtt-example (=2.0.1-beta), org.apache.iotdb:integration-test (=2.0.1-beta) +5 more potentially affected by CVE-2026-24015 via org.apache.iotdb:iotdb-server (=2.0.1-beta)

org.apache.iotdb:iotdb-server MAVEN version =2.0.1-beta is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.iotdb:iotdb-server and may be impacted: - org.apache.iotdb:customize-mqtt-example =2.0.1-beta - org.apache.iotdb:integration-test...

Snyk•added 2026/03/09 9:30 a.m.•3 views

Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' via JEXL dependency. An attacker can execute arbitrary commands, access sensitive data, or disrupt service by submittin...

9.8CVSS6AI score0.00662EPSS

Snyk•added 2026/03/09 9:30 a.m.•5 views

Binding to an Unrestricted IP Address

Overview org.apache.iotdb:iotdb-server is a data management system for time series data, which can provide users specific services, such as, data collection, storage and analysis. Affected versions of this package are vulnerable to Binding to an Unrestricted IP Address in the default configuratio...

vulnersOsv•added 2026/03/09 9:30 a.m.•6 views

org.apache.iotdb:customize-mqtt-example (>=1.0.0 <=1.3.3), org.apache.iotdb:influxdb-protocol (>=1.0.0 <=1.1.2) +12 more potentially affected by CVE-2026-24015 via org.apache.iotdb:iotdb-server (>=1.0.0 <=1.3.3)

org.apache.iotdb:iotdb-server MAVEN version =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.3.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.3.3 Source cves: CVE-2026-24015 Source advisory: SNYK:JAVA-ORGAPACHEIOTDB-15518632...

vulnersOsv•added 2026/03/09 9:30 a.m.•5 views

org.apache.iotdb:client-example (>=2.0.1-beta <=2.0.6), org.apache.iotdb:customize-mqtt-example (=2.0.1-beta) +9 more potentially affected by CVE-2026-24015 via org.apache.iotdb:node-commons (>=2.0.1-beta <=2.0.6)

org.apache.iotdb:node-commons MAVEN version =2.0.1-beta, =2.0.1-beta, =2.0.1-beta, =2.0.6 - org.apache.iotdb:iotdb-distribution =2.0.1-beta - org.apache.iotdb:iotdb-server =2.0.1-beta - org.apache.iotdb:pipe-count-point-processor-example =2.0.1-beta - org.apache.iotdb:trigger-example =2.0.1-beta...

EUVD•added 2026/03/09 9:30 a.m.•4 views

EUVD-2026-10308

5.8AI score0.00584EPSS

EUVD•added 2026/03/09 9:30 a.m.•5 views

EUVD-2026-10310

5.8AI score0.00662EPSS

OSV•added 2026/03/09 9:30 a.m.•2 views

GHSA-74CF-PGH9-M5Q2 Apache IoTDB has an Insecure Default Configuration Vulnerability

NVD•added 2026/03/09 9:16 a.m.•4 views

Exploits0References8

CVE-2026-24713

9.8CVSS0.00662EPSS

OSV•added 2026/03/09 9:16 a.m.•4 views

CVE-2026-24015

9.8CVSS5.8AI score

CVE•added 2026/03/09 8:59 a.m.•14 views

CVE-2026-24713

CVE-2026-24713 relates to an improper input validation vulnerability in Apache IoTDB. Affected versions are 1.0.0 before 1.3.7 and 2.0.0 before 2.0.7. Upgrading to 1.3.7 or 2.0.7 is recommended as a fix. Some sources describe the impact as potentially enabling remote code execution through crafte...

9.8CVSS5.8AI score0.00662EPSS

ATTACKERKB•added 2026/03/09 8:59 a.m.•3 views

CVE-2026-24713

5.8AI score0.00662EPSS

Vulnrichment•added 2026/03/09 8:59 a.m.•4 views

CVE-2026-24713 Apache IoTDB: JEXL Expression Injection Vulnerability

5.8AI score0.00662EPSS

Cvelist•added 2026/03/09 8:57 a.m.•32 views

CVE-2026-24015 Apache IoTDB: Insecure Default Configuration Vulnerability

0.00584EPSS

ATTACKERKB•added 2026/03/09 8:57 a.m.•3 views

CVE-2026-24015

5.8AI score0.00584EPSS

Vulnrichment•added 2026/03/09 8:57 a.m.•3 views

CVE-2026-24015 Apache IoTDB: Insecure Default Configuration Vulnerability

5.8AI score0.00584EPSS

CVE•added 2026/03/09 8:57 a.m.•13 views

CVE-2026-24015

CVE-2026-24015 (Apache IoTDB) affects IoTDB releases prior to 1.3.7 and prior to 2.0.7. Affected components include iotdb-server and related libraries (node-commons). Root cause described across sources is an insecure default configuration that allows binding to an unrestricted IP address, enabli...