CVE-2026-62351
TDengine before 3.4.1.15 is affected. In transDecompressMsg() within source/libs/transport/src/transComm.c, the code reads STransCompMsg.contLen when pHead->comp == 1 without first validating that the RPC packet contains the 8-byte STransCompMsg structure. This can cause an unauthenticated out...