Skip to main content

TDengine CVE-2026-62348

| EUVDEUVD-2026-44769 MEDIUM
Missing Authorization (CWE-862)
2026-07-15 security-advisories@github.com
5.4
CVSS 3.1 · Vendor: github
Share

Severity by source

Vendor (github) PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
vuln.today AI
5.4 MEDIUM

PR:L confirmed by low-privilege SQL user requirement; I:L and A:L reflect migration disruption without data exposure or full system compromise; no scope change as impact is confined to the database service.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (github).

CVSS VectorVendor: github

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
Low

Lifecycle Timeline

2
Patch available
Jul 15, 2026 - 21:18 EUVD
Analysis Generated
Jul 15, 2026 - 19:30 vuln.today

DescriptionCVE.org

TDengine is a time-series database optimized for Internet of Things devices. Prior to 3.4.1.15, TDengine Enterprise allowed an authenticated low-privilege SQL user to run KILL SSMIGRATE <id> against an active shared-storage migration because mndProcessKillSsMigrateReq called mndKillSsMigrate while the intended MND_OPER_SSMIGRATE_DB privilege check was commented out. This issue is fixed in version 3.4.1.15.

AnalysisAI

Privilege escalation in TDengine Enterprise (prior to 3.4.1.15) allows any authenticated low-privilege SQL user to abort active shared-storage migrations by issuing KILL SSMIGRATE commands that should be restricted to administrators. The MND_OPER_SSMIGRATE_DB privilege gate was inadvertently commented out in mndProcessKillSsMigrateReq, collapsing authorization enforcement entirely for this operation. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain low-privilege TDengine Enterprise credentials
Delivery
Connect to database over network
Exploit
Discover or enumerate active migration ID
Execution
Issue KILL SSMIGRATE <id>
Persist
Abort migration without authorization
Impact
Cause data migration disruption

Vulnerability AssessmentAI

Exploitation Exploitation requires a valid authenticated TDengine Enterprise SQL account with at minimum low-privilege access, as confirmed by CVSS PR:L. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 5.4 (Medium) score reflects a network-accessible flaw requiring only low-privilege credentials (PR:L), with limited integrity and availability impact (I:L/A:L) and no confidentiality impact (C:N), which accurately captures the bounded scope of the flaw. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker holding any low-privilege TDengine Enterprise SQL account - such as a read-only reporting or monitoring user - connects to the database while an administrator is running a shared-storage migration. The attacker issues KILL SSMIGRATE <id> using a discovered or guessed migration ID, and the command succeeds immediately due to the missing privilege check, aborting the migration and potentially leaving data in a partially migrated or inconsistent state. …
Remediation Upgrade TDengine Enterprise to version 3.4.1.15 or later, which restores the MND_OPER_SSMIGRATE_DB privilege check in mndProcessKillSsMigrateReq. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-62348 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy