38 matches found
CVE-2026-62355
TDengine is an open source, time-series database optimized for Internet of Things devices. Prior to 3.4.1.15, a Data Reader adminuser on a TDengine Cloud DB instance could run create udf even though standard users should have read-only permissions for non-database objects and show dnodes and crea...
CVE-2026-62353
TDengine is a time-series database optimized for Internet of Things devices. Prior to 3.4.1.14, source/libs/parser/src/parTokenizer.c tGetToken incremented past a trailing backslash in a SQL string literal such as 'abc\ and read one byte beyond the null terminator, allowing an authenticated user...
CVE-2026-62351
TDengine is a time-series database optimized for Internet of Things devices. Prior to 3.4.1.15, source/libs/transport/src/transComm.c transDecompressMsg read STransCompMsg.contLen when pHead-comp == 1 without first validating that the RPC packet contained the 8-byte STransCompMsg structure, causi...
CVE-2026-62348
TDengine is a time-series database optimized for Internet of Things devices. Prior to 3.4.1.15, TDengine Enterprise allowed an authenticated low-privilege SQL user to run KILL SSMIGRATE against an active shared-storage migration because mndProcessKillSsMigrateReq called mndKillSsMigrate while the...
CVE-2026-62349
TDengine is an open source, time-series database optimized for Internet of Things devices. In 3.4.1.6 and earlier, source/libs/parser/src/parUtil.c trimString checks space for only one byte before processing SQL string escape sequences %, , or \x, allowing a one-byte out-of-bounds write to the...
CVE-2026-62350
TDengine is an open source, time-series database optimized for Internet of Things devices. Prior to 3.4.1.15, a user with create udf privilege could upload a crafted shared library and install it as a user-defined function, such as eval, then execute arbitrary C code on the TDengine server side...
CVE-2026-62351
TDengine before 3.4.1.15 is affected. In transDecompressMsg() within source/libs/transport/src/transComm.c, the code reads STransCompMsg.contLen when pHead->comp == 1 without first validating that the RPC packet contains the 8-byte STransCompMsg structure. This can cause an unauthenticated out...
CVE-2026-62348 TDengine: KILL SSMIGRATE missing authorization lets low-privilege users interrupt shared-storage migrations
TDengine is a time-series database optimized for Internet of Things devices. Prior to 3.4.1.15, TDengine Enterprise allowed an authenticated low-privilege SQL user to run KILL SSMIGRATE against an active shared-storage migration because mndProcessKillSsMigrateReq called mndKillSsMigrate while the...
CVE-2026-62348
TDengine TDengine Enterprise prior to 3.4.1.15 is affected. An authenticated low-privilege SQL user could issue KILL SSMIGRATE against an active shared-storage migration because mndProcessKillSsMigrateReq called mndKillSsMigrate while the MND_OPER_SSMIGRATE_DB privilege check was commented out. ...
CVE-2026-62349
TDengine 3.4.1.6 and earlier contains an off-by-one/write vulnerability in source/libs/parser/src/parUtil.c: trimString() only checks a single-byte space before handling SQL string escape sequences (%, _, or \x), enabling a one-byte out-of-bounds write to the stack buffer tmpTokenBuf. This can le...
CVE-2026-62350 TDengine: UDF lead to RCE
TDengine is an open source, time-series database optimized for Internet of Things devices. Prior to 3.4.1.15, a user with create udf privilege could upload a crafted shared library and install it as a user-defined function, such as eval, then execute arbitrary C code on the TDengine server side...
CVE-2026-62350
TDengine (open-source time-series DB) -- vulnerability CVE-2026-62350 allows a user with create_udf privilege to upload a crafted shared library, install it as a UDF (e.g., eval), and execute arbitrary C code on the server via queries. Root cause: improper validation of UDF loading/execution lead...
CVE-2026-62355
TDengine (TDengine Cloud DB) prior to 3.4.1.15 had a permission issue where a Data Reader admin_user could run create udf and access non-database objects, despite read-only intent for standard users. The vulnerability impact is limited to unauthorized creation of user-defined functions and relate...
PT-2026-60267
Name of the Vulnerable Software and Affected Versions TDengine versions prior to 3.4.1.15 Description An unauthenticated out-of-bounds read, uncontrolled allocation, and integer underflow can occur when the server processes malformed RPC packets. This happens because the transDecompressMsg functi...
CVE-2026-42542
TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the taosd server process by sending a single crafted RPC packet. No credentials or prior session state are required. Version...
CVE-2026-42542 TDengine has an integer underflow in uvConnMayGetUserInfo() allows unauthenticated remote crash (DoS)
TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the taosd server process by sending a single crafted RPC packet. No credentials or prior session state are required. Version...
CVE-2026-42542
CVE-2026-42542 affects TDengine versions 3.4.0.0–3.4.1.5. An unauthenticated remote attacker can cause a denial of service by sending a single crafted RPC packet, triggering an integer underflow in uvConnMayGetUserInfo() and crashing the taosd server. Impact is limited to availability (A) with ne...
CVE-2026-42542 TDengine has an integer underflow in uvConnMayGetUserInfo() allows unauthenticated remote crash (DoS)
TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the taosd server process by sending a single crafted RPC packet. No credentials or prior session state are required. Version...
EUVD-2026-36136
TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the taosd server process by sending a single crafted RPC packet. No credentials or prior session state are required. Version...
CVE-2026-42542 TDengine has an integer underflow in uvConnMayGetUserInfo() allows unauthenticated remote crash (DoS)
TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the taosd server process by sending a single crafted RPC packet. No credentials or prior session state are required. Version...