CVE-2026-24015

CVE-2026-24015 (Apache IoTDB) affects IoTDB releases prior to 1.3.7 and prior to 2.0.7. Affected components include iotdb-server and related libraries (node-commons). Root cause described across sources is an insecure default configuration that allows binding to an unrestricted IP address, enabli...

CVE-2026-24713

CVE-2026-24713 relates to an improper input validation vulnerability in Apache IoTDB. Affected versions are 1.0.0 before 1.3.7 and 2.0.0 before 2.0.7. Upgrading to 1.3.7 or 2.0.7 is recommended as a fix. Some sources describe the impact as potentially enabling remote code execution through crafte...