Known Vulnerabilities for Iotdb by Apache
Listed below are 10 of the newest known vulnerabilities associated with "Iotdb" by "Apache".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-40454 json | Out-of-bounds Read, Improper Input Validation vulnerability in Apache IoTDB C++ client. Out-of-bounds reads in IoTDB C++ clie... | Not Provided | 2026-07-10 | 2026-07-10 |
| CVE-2026-40452 json | Incorrect Authorization, Improper Access Control vulnerability in Apache IoTDB. Authorization bypass in /rest/v2/fastLastQuer... | Not Provided | 2026-07-10 | 2026-07-10 |
| CVE-2026-40009 json | Improper Privilege Management, Improper Access Control vulnerability in Apache IoTDB. Authenticated users can escalate to ful... | Not Provided | 2026-07-10 | 2026-07-10 |
| CVE-2026-40008 json | Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache IoTDB. The pipe pr... | Not Provided | 2026-07-10 | 2026-07-10 |
| CVE-2026-40007 json | Uncontrolled Recursion, Uncontrolled Resource Consumption vulnerability in Apache IoTDB. When pipe_air_gap_receiver_enabled=t... | Not Provided | 2026-07-10 | 2026-07-10 |
| CVE-2026-40006 json | Memory Allocation with Excessive Size Value, Allocation of Resources Without Limits or Throttling, Missing Authentication for... | Not Provided | 2026-07-10 | 2026-07-10 |
| CVE-2026-40005 json | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB. An attacker can... | Not Provided | 2026-07-10 | 2026-07-10 |
| CVE-2026-28564 json | Insufficient Session Expiration, Authentication Bypass by Capture-replay vulnerability in Apache IoTDB. REST Basic Authentica... | Not Provided | 2026-07-10 | 2026-07-10 |
| CVE-2026-24014 json | Apache IoTDB DataNode’s internal RPC interface for creating Trigger instances uses the uploaded Trigger JAR name to build a... | Not Provided | 2026-07-06 | 2026-07-06 |
| CVE-2026-24013 json | Authentication Bypass by Spoofing vulnerability in Apache IoTDB. Certain Thrift RPC query handlers lack strict validation of ... | Not Provided | 2026-07-06 | 2026-07-06 |