Known Vulnerabilities for Iotdb by Apache

Listed below are 10 of the newest known vulnerabilities associated with "Iotdb" by "Apache".

These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.

Data on known vulnerable versions is also displayed based on information from known CPEs

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2026-40454 json Out-of-bounds Read, Improper Input Validation vulnerability in Apache IoTDB C++ client. Out-of-bounds reads in IoTDB C++ clie... Not Provided 2026-07-10 2026-07-10
CVE-2026-40452 json Incorrect Authorization, Improper Access Control vulnerability in Apache IoTDB. Authorization bypass in /rest/v2/fastLastQuer... Not Provided 2026-07-10 2026-07-10
CVE-2026-40009 json Improper Privilege Management, Improper Access Control vulnerability in Apache IoTDB. Authenticated users can escalate to ful... Not Provided 2026-07-10 2026-07-10
CVE-2026-40008 json Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache IoTDB. The pipe pr... Not Provided 2026-07-10 2026-07-10
CVE-2026-40007 json Uncontrolled Recursion, Uncontrolled Resource Consumption vulnerability in Apache IoTDB. When pipe_air_gap_receiver_enabled=t... Not Provided 2026-07-10 2026-07-10
CVE-2026-40006 json Memory Allocation with Excessive Size Value, Allocation of Resources Without Limits or Throttling, Missing Authentication for... Not Provided 2026-07-10 2026-07-10
CVE-2026-40005 json Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB. An attacker can... Not Provided 2026-07-10 2026-07-10
CVE-2026-28564 json Insufficient Session Expiration, Authentication Bypass by Capture-replay vulnerability in Apache IoTDB. REST Basic Authentica... Not Provided 2026-07-10 2026-07-10
CVE-2026-24014 json Apache IoTDB DataNode’s internal RPC interface for creating Trigger instances uses the uploaded Trigger JAR name to build a... Not Provided 2026-07-06 2026-07-06
CVE-2026-24013 json Authentication Bypass by Spoofing vulnerability in Apache IoTDB. Certain Thrift RPC query handlers lack strict validation of ... Not Provided 2026-07-06 2026-07-06

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationApacheIotdb0.9.2
ApplicationApacheIotdb0.9.1
ApplicationApacheIotdb0.9.0
ApplicationApacheIotdb0.8.2
ApplicationApacheIotdb0.8.0
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report