CVE-2026-24014
The CVE concerns Apache IoTDB DataNode: an internal RPC for creating Trigger instances builds a file path from the uploaded Trigger JAR name without sufficient validation. If the DataNode RPC port is exposed to an untrusted network, an attacker could use path traversal in the JAR name to write fi...