Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Unauthenticated network path-traversal write (AV:N/AC:L/PR:N/UI:N); primary impact is integrity (I:H) with availability risk (A:H) from overwriting data/config, no direct read so C:N.
Primary rating from Vendor (apache).
CVSS VectorVendor: apache
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
7DescriptionCVE.org
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB. An attacker can write arbitrary files anywhere the IoTDB process has write permissions with unsafe API.
This issue affects Apache IoTDB: from 1.0.0 before 2.0.10.
Users are recommended to upgrade to version 2.0.10, which fixes the issue.
Articles & Coverage 2
AnalysisAI
Arbitrary file write in Apache IoTDB (versions 1.0.0 through 2.0.9) lets remote attackers plant files anywhere the IoTDB process can write by abusing an unsafe API that fails to sanitize user-supplied pathnames. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N) indicates unauthenticated network exploitation with high confidentiality and integrity impact, and controlled file placement can escalate to code execution or overwrite of critical files. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires network access to the Apache IoTDB service and the ability to invoke the specific unsafe file-writing API that accepts an unsanitized pathname; per CVSS PR:N/UI:N/AC:L this needs no authentication, no user interaction, and no special deployment mode against affected 1.0.0-2.0.9 servers. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are mixed and warrant scrutiny. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker with network reach to an exposed Apache IoTDB instance sends a crafted request to the unsafe API with a path parameter containing traversal sequences (e.g. '../../') or an absolute path, causing the server to write attacker-controlled content outside the intended directory. … |
| Remediation | Vendor-released patch: upgrade to Apache IoTDB 2.0.10, which fixes the path traversal, per the Apache advisory (https://lists.apache.org/thread/zw2vkbmy5xkf5y8g237v81hrs4c6b5lq). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all systems running Apache IoTDB and document deployed versions. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Apache Iotdb
View allUnsafe reflection in Apache IoTDB's pipe processor lets a user-supplied fully qualified Java class name be loaded and in
Authentication bypass via capture-replay in Apache IoTDB (1.0.0 through 2.0.9) lets attackers reuse stale credentials ag
Arbitrary file write in Apache IoTDB DataNode (versions 1.3.3 up to but not including 2.0.8) allows attackers who can re
Unauthenticated denial of service in Apache IoTDB (1.0.0 through 2.0.9) allows remote attackers to crash or degrade the
Denial of service in Apache IoTDB versions 1.3.3 through 2.0.7 lets remote attackers crash the DataNode process by submi
Authorization bypass in Apache IoTDB's REST API endpoint /rest/v2/fastLastQuery allows authenticated users to access las
Denial of service in Apache IoTDB versions 1.0.0 up to (but not including) 2.0.10 lets an unauthenticated network attack
Authentication bypass via sessionId spoofing in Apache IoTDB (1.3.3 through versions before 2.0.8) lets a remote, unauth
Privilege escalation in Apache IoTDB 2.0.8 through 2.0.9 allows any authenticated low-privilege user to rename their own
Path traversal in Apache IoTDB (1.0.0 before 1.3.6 and 2.0.0 before 2.0.7) allows remote attackers to read and write fil
Path traversal in Apache IoTDB (versions 1.0.0–1.3.5 and 2.0.0–2.0.5) lets remote unauthenticated attackers reference fi
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42833
GHSA-h3q7-wmrf-p69f