Skip to main content

TDengine CVE-2026-62355

| EUVDEUVD-2026-44764 MEDIUM
Improper Privilege Management (CWE-269)
2026-07-15 security-advisories@github.com
5.4
CVSS 3.1 · Vendor: github
Share

Severity by source

Vendor (github) PRIMARY
5.4 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
vuln.today AI
5.4 MEDIUM

Authenticated network access required (PR:L, AV:N); UDF creation yields limited but real integrity and confidentiality impact within unchanged scope.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (github).

CVSS VectorVendor: github

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

2
Patch available
Jul 15, 2026 - 21:18 EUVD
Analysis Generated
Jul 15, 2026 - 19:33 vuln.today

DescriptionCVE.org

TDengine is an open source, time-series database optimized for Internet of Things devices. Prior to 3.4.1.15, a Data Reader admin_user on a TDengine Cloud DB instance could run create udf even though standard users should have read-only permissions for non-database objects and show dnodes and create user were denied. This issue is fixed in version 3.4.1.15.

AnalysisAI

Improper privilege management in TDengine Cloud DB prior to 3.4.1.15 allows an authenticated Data Reader admin_user to execute create udf (user-defined function) commands that should be restricted to higher-privilege roles. While the same role is correctly denied show dnodes and create user, the UDF creation permission was left ungated, creating a privilege escalation path within the database engine. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain Data Reader credentials
Delivery
Authenticate to TDengine Cloud DB
Exploit
Issue `create udf` statement
Execution
Load unauthorized user-defined function
Impact
Manipulate queries or access restricted data

Vulnerability AssessmentAI

Exploitation Exploitation requires a valid Data Reader admin_user account on a TDengine Cloud DB instance running a version prior to 3.4.1.15. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 score of 5.4 (Medium) with vector AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N accurately reflects the bounded risk: exploitation requires authenticated low-privilege access (PR:L), limiting the attacker pool to existing Data Reader credential holders. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained Data Reader credentials for a TDengine Cloud DB instance - whether through phishing, credential stuffing, or insider access - connects to the database over the network and issues a `create udf` statement to load a custom function. Because the ACL check is absent for this command in the affected versions, the command succeeds despite the read-only role, allowing the attacker to introduce a UDF that may manipulate query results or access data outside their intended scope. …
Remediation Upgrade TDengine to version 3.4.1.15 or later, which resolves the missing ACL check on the `create udf` command for Data Reader admin_user accounts. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-62355 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy