Skip to main content

TDengine CVE-2026-62350

| EUVDEUVD-2026-44766 HIGH
Code Injection (CWE-94)
2026-07-15 security-advisories@github.com
7.2
CVSS 3.1 · Vendor: github
Share

Severity by source

Vendor (github) PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
7.2 HIGH

Exploited over the network via SQL but requires the high-level 'create udf' privilege (PR:H); native in-process code execution yields full C/I/A impact with no scope change (S:U).

3.1 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (github).

CVSS VectorVendor: github

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Patch available
Jul 15, 2026 - 21:18 EUVD
Analysis Generated
Jul 15, 2026 - 19:32 vuln.today
CVE Published
Jul 15, 2026 - 19:18 cve.org
HIGH 7.2

DescriptionCVE.org

TDengine is an open source, time-series database optimized for Internet of Things devices. Prior to 3.4.1.15, a user with create udf privilege could upload a crafted shared library and install it as a user-defined function, such as eval, then execute arbitrary C code on the TDengine server side through database queries. This issue is fixed in version 3.4.1.15.

AnalysisAI

Server-side arbitrary code execution in TDengine time-series database (versions prior to 3.4.1.15) allows a database user holding the 'create udf' privilege to upload a malicious shared library, register it as a user-defined function (e.g. named 'eval'), and execute attacker-controlled native C code on the server by invoking that function through ordinary SQL queries. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate with 'create udf' privilege
Delivery
Upload crafted C shared library
Exploit
Register library as UDF 'eval'
Execution
Invoke function via SQL query
Impact
Execute arbitrary native code on server

Vulnerability AssessmentAI

Exploitation Exploitation requires an authenticated TDengine account that holds the 'create udf' privilege - this is the exact, concrete prerequisite named in the advisory. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The supplied CVSS 3.1 vector (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, base 7.2 High) is internally consistent with the description: the attack is delivered over the network via SQL queries (AV:N), is low-complexity (AC:L), requires no user interaction (UI:N), yields full C/I/A impact, but demands a high-privilege account holding 'create udf' (PR:H). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained (or been legitimately granted) a TDengine account with the 'create udf' privilege compiles a malicious C shared library containing arbitrary payload code, uploads it, and registers it as a user-defined function such as 'eval'. They then run a normal SQL query that invokes the function, causing their native code to execute inside the TDengine server process with that process's privileges. …
Remediation Upgrade to TDengine 3.4.1.15 or later, which remediates the issue - Vendor-released patch: 3.4.1.15 (per GHSA-f7wh-p233-87xv, https://github.com/taosdata/TDengine/security/advisories/GHSA-f7wh-p233-87xv). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, inventory all TDengine deployments and document which versions are currently in production, with priority given to systems storing sensitive business data. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-62350 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy