Skip to main content

Apache Iotdb EUVDEUVD-2026-42834

| CVE-2026-40006 HIGH
Memory Allocation with Excessive Size Value (CWE-789)
2026-07-10 apache GHSA-qx9j-cv9x-384r
7.5
CVSS 3.1 · Vendor: apache
Share

Severity by source

Vendor (apache) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from Vendor (apache) · only source for this CVE.

CVSS VectorVendor: apache

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
Patch available
Jul 10, 2026 - 09:16 EUVD
Analysis Generated
Jul 10, 2026 - 08:25 vuln.today

DescriptionCVE.org

Memory Allocation with Excessive Size Value, Allocation of Resources Without Limits or Throttling, Missing Authentication for Critical Function vulnerability in Apache IoTDB. When pipe_air_gap_receiver_enabled=true, the IoTDB AirGap pipe receiver accepts raw TCP connections on port 9780 with no authentication. The readLength method reads an attacker-controlled 32-bit integer from the socket and readData passes it directly to new byte[length] with no upper-bound check. An unauthenticated attacker can cause the JVM to attempt an allocation of up to 2,147,483,647 bytes per connection, exhausting heap memory and crashing or severely degrading the DataNode process.

This issue affects Apache IoTDB: from 1.0.0 before 2.0.10.

Users are recommended to upgrade to version 2.0.10, which fixes the issue.

AnalysisAI

Unauthenticated denial of service in Apache IoTDB (1.0.0 through 2.0.9) allows remote attackers to crash or degrade the DataNode process when the AirGap pipe receiver is enabled. The receiver's readLength method reads an attacker-controlled 32-bit length field from a raw TCP connection on port 9780 and passes it directly to new byte[length], letting a single connection trigger a heap allocation of up to ~2 GB and exhaust JVM memory. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Recommended ActionAI

Within 24 hours: Audit all IoTDB deployments to identify instances with AirGap pipe receiver enabled and exposed to untrusted networks. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-40008 CRITICAL
9.8 Jul 10

Unsafe reflection in Apache IoTDB's pipe processor lets a user-supplied fully qualified Java class name be loaded and in

CVE-2026-28564 CRITICAL
9.8 Jul 10

Authentication bypass via capture-replay in Apache IoTDB (1.0.0 through 2.0.9) lets attackers reuse stale credentials ag

CVE-2026-24014 CRITICAL
9.8 Jul 06

Arbitrary file write in Apache IoTDB DataNode (versions 1.3.3 up to but not including 2.0.8) allows attackers who can re

CVE-2026-40005 CRITICAL
9.1 Jul 10

Arbitrary file write in Apache IoTDB (versions 1.0.0 through 2.0.9) lets remote attackers plant files anywhere the IoTDB

CVE-2026-24012 HIGH
7.5 Jul 06

Denial of service in Apache IoTDB versions 1.3.3 through 2.0.7 lets remote attackers crash the DataNode process by submi

CVE-2026-40452 HIGH
7.5 Jul 10

Authorization bypass in Apache IoTDB's REST API endpoint /rest/v2/fastLastQuery allows authenticated users to access las

CVE-2026-40007 HIGH
7.5 Jul 10

Denial of service in Apache IoTDB versions 1.0.0 up to (but not including) 2.0.10 lets an unauthenticated network attack

CVE-2026-24013 CRITICAL
9.1 Jul 06

Authentication bypass via sessionId spoofing in Apache IoTDB (1.3.3 through versions before 2.0.8) lets a remote, unauth

CVE-2026-40009 MEDIUM
6.5 Jul 10

Privilege escalation in Apache IoTDB 2.0.8 through 2.0.9 allows any authenticated low-privilege user to rename their own

CVE-2025-64152 CRITICAL
9.1 Jun 26

Path traversal in Apache IoTDB (1.0.0 before 1.3.6 and 2.0.0 before 2.0.7) allows remote attackers to read and write fil

CVE-2025-55017 CRITICAL
9.1 Jun 26

Path traversal in Apache IoTDB (versions 1.0.0–1.3.5 and 2.0.0–2.0.5) lets remote unauthenticated attackers reference fi

Share

EUVD-2026-42834 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy