Skip to main content

Apache IoTDB CVE-2026-40454

| EUVDEUVD-2026-42839 HIGH
Out-of-bounds Read (CWE-125)
2026-07-10 apache GHSA-74ph-cx7x-v56m
7.5
CVSS 3.1 · Vendor: apache
Share

Severity by source

Vendor (apache) PRIMARY
7.5 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
7.5 HIGH

Client crashes on malicious server data with no confidentiality/integrity impact, so C:N/I:N/A:H; kept AV:N/PR:N to match the network parsing path, though a malicious server is a real prerequisite.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (apache).

CVSS VectorVendor: apache

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

6
Analysis Updated
Jul 10, 2026 - 15:30 vuln.today
v3 (cvss_changed)
Analysis Updated
Jul 10, 2026 - 15:30 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jul 10, 2026 - 15:22 vuln.today
cvss_changed
CVSS changed
Jul 10, 2026 - 15:22 NVD
7.5 (HIGH)
Patch available
Jul 10, 2026 - 09:16 EUVD
Analysis Generated
Jul 10, 2026 - 08:20 vuln.today

DescriptionCVE.org

Out-of-bounds Read, Improper Input Validation vulnerability in Apache IoTDB C++ client. Out-of-bounds reads in IoTDB C++ client TsBlock deserializer crash client process on malformed server data.

This issue affects Apache IoTDB C++ client: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10.

Users are recommended to upgrade to version 2.0.10, which fixes the issue.

AnalysisAI

Denial of service in the Apache IoTDB C++ client (versions 1.3.5 before 1.3.8 and 2.0.5 before 2.0.10) allows a malicious or compromised IoTDB server to crash any connected client by returning malformed TsBlock response data. The client's TsBlock deserializer performs out-of-bounds reads (CWE-125) on attacker-controlled server payloads, terminating the client process. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Attacker controls or MITMs IoTDB server
Delivery
Client issues query over connection
Exploit
Server returns malformed TsBlock
Execution
Deserializer reads out of bounds
Impact
Client process crashes (DoS)

Vulnerability AssessmentAI

Exploitation Exploitation requires the victim's Apache IoTDB C++ client (1.3.5-1.3.7 or 2.0.5-2.0.9) to receive malformed TsBlock data from the server it queries, so the attacker must control or compromise the IoTDB server endpoint, or man-in-the-middle an unauthenticated/unencrypted client-server connection, and the trigger fires during normal result deserialization. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 base score is 7.5 (HIGH) driven entirely by A:H with C:N/I:N - this is a pure availability/DoS issue, not code execution or data disclosure, so the 'HIGH' label overstates business impact for most deployments. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who operates or has compromised an IoTDB server (or holds a man-in-the-middle position on an unencrypted client-server link) returns a crafted TsBlock with inconsistent length fields when a C++ client issues a query. The client's deserializer reads out of bounds while parsing the block and crashes, denying service to the application; no user interaction beyond the normal query is required and no exploit code is publicly known at time of analysis.
Remediation Vendor-released patch: upgrade the C++ client to 2.0.10 (the version the advisory explicitly recommends) on the 2.0.x line, or to 1.3.8 on the 1.3.x maintenance line, then rebuild and redeploy any C++ applications that link the client library. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all systems and applications using Apache IoTDB C++ client versions 1.3.5-1.3.7 or 2.0.5-2.0.9. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-40454 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy