CRITICAL🇵🇱 Wersja polska

CVE-2026-24015

CVSS 9.8v3.1pub. 2026-03-09upd. 2026-03-10

A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue.

🤖 AI Analysis
How it works

The detailed mechanism of the vulnerability has not been disclosed in the available description. The attack vector (AV:N/AC:L/PR:N/UI:N) indicates that the exploit can be conducted remotely over the network, without the need for privileges or user interaction. CWE-1327 suggests improper management or validation in the security area.

Impact

An attacker can gain full control over the vulnerable system, which includes unauthorized access to data (confidentiality), ability to modify it (integrity), and disruption of service (availability).

Mitigation & patch

Apache IoTDB should be updated as soon as possible to version 1.3.7 (for 1.x branch) or 2.0.7 (for 2.x branch), which contain a patch eliminating the described vulnerability.

Who is affected

Apache IoTDB in versions from 1.0.0 to 1.3.7 (excluding 1.3.7) and from 2.0.0 to 2.0.7 (excluding 2.0.7)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Apache Iotdb

    APP
    Apache
    1.0.0 – 1.3.7 (bez)2.0.0 – 2.0.7 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-24713CRITICAL9.8PL ✓ten sam produkt

Nieprawidłowa walidacja danych wejściowych w Apache IoTDB — RCE/injection

CVE-2024-24780CRITICAL9.8PL ✓ten sam produkt

Apache IoTDB: RCE przez rejestrację złośliwej funkcji UDF z niezaufanego URI

CVE-2023-46226CRITICAL9.8PL ✓ten sam produkt

RCE w Apache IoTDB — zdalne wykonanie kodu bez uwierzytelnienia

CVE-2023-51656CRITICAL9.8PL ✓ten sam produkt

Deserializacja niezaufanych danych w Apache IoTDB (RCE)

CVE-2023-24831CRITICAL9.8ten sam produkt

Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects Apache IoT...