Lucene search
K

5 matches found

CVE
CVE
added 2026/03/09 8:59 a.m.19 views

CVE-2026-24713

CVE-2026-24713 relates to an improper input validation vulnerability in Apache IoTDB. Affected versions are 1.0.0 before 1.3.7 and 2.0.0 before 2.0.7. Upgrading to 1.3.7 or 2.0.7 is recommended as a fix. Some sources describe the impact as potentially enabling remote code execution through crafte...

9.8CVSS5.8AI score0.00662EPSS
CVE
CVE
added 5 days ago18 views

CVE-2026-24013

CVE-2026-24013 affects Apache IoTDB (1.3.3–before 2.0.8). The issue is authentication bypass via forged sessionId in Thrift RPC handlers that do not validate sessionId, enabling unauthorized reading of time-series data without openSession authentication. A fix is available in IoTDB 2.0.8; upgrade...

9.1CVSS6AI score0.00471EPSS
CVE
CVE
added 2026/03/09 8:57 a.m.16 views

CVE-2026-24015

CVE-2026-24015 (Apache IoTDB) affects IoTDB releases prior to 1.3.7 and prior to 2.0.7. Affected components include iotdb-server and related libraries (node-commons). Root cause described across sources is an insecure default configuration that allows binding to an unrestricted IP address, enabli...

9.8CVSS5.8AI score0.00584EPSS
CVE
CVE
added 5 days ago13 views

CVE-2026-24012

CVE-2026-24012 – Apache IoTDB Denial of Service via Resource Exhaustion Description: An interface fails to cap the time span and aggregation interval of queries. An attacker can request an extremely large time range with a tiny interval, causing the DataNode to build an enormous result set in mem...

7.5CVSS6AI score0.00546EPSS
CVE
CVE
added 5 days ago11 views

CVE-2026-24014

CVE-2026-24014 — Apache IoTDB Path Traversal in DataNode Trigger JAR Upload : The issue arises in IoTDB’s DataNode internal RPC interface used to create Trigger instances. The JAR name is used to build a file path without sufficient validation, enabling path traversal if the RPC port is reachable...

9.8CVSS6AI score0.00509EPSS