Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
PR:L confirmed by low-privilege SQL user requirement; I:L and A:L reflect migration disruption without data exposure or full system compromise; no scope change as impact is confined to the database service.
Primary rating from Vendor (github).
CVSS VectorVendor: github
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Lifecycle Timeline
2DescriptionCVE.org
TDengine is a time-series database optimized for Internet of Things devices. Prior to 3.4.1.15, TDengine Enterprise allowed an authenticated low-privilege SQL user to run KILL SSMIGRATE <id> against an active shared-storage migration because mndProcessKillSsMigrateReq called mndKillSsMigrate while the intended MND_OPER_SSMIGRATE_DB privilege check was commented out. This issue is fixed in version 3.4.1.15.
AnalysisAI
Privilege escalation in TDengine Enterprise (prior to 3.4.1.15) allows any authenticated low-privilege SQL user to abort active shared-storage migrations by issuing KILL SSMIGRATE commands that should be restricted to administrators. The MND_OPER_SSMIGRATE_DB privilege gate was inadvertently commented out in mndProcessKillSsMigrateReq, collapsing authorization enforcement entirely for this operation. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a valid authenticated TDengine Enterprise SQL account with at minimum low-privilege access, as confirmed by CVSS PR:L. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 5.4 (Medium) score reflects a network-accessible flaw requiring only low-privilege credentials (PR:L), with limited integrity and availability impact (I:L/A:L) and no confidentiality impact (C:N), which accurately captures the bounded scope of the flaw. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker holding any low-privilege TDengine Enterprise SQL account - such as a read-only reporting or monitoring user - connects to the database while an administrator is running a shared-storage migration. The attacker issues KILL SSMIGRATE <id> using a discovered or guessed migration ID, and the command succeeds immediately due to the missing privilege check, aborting the migration and potentially leaving data in a partially migrated or inconsistent state. … |
| Remediation | Upgrade TDengine Enterprise to version 3.4.1.15 or later, which restores the MND_OPER_SSMIGRATE_DB privilege check in mndProcessKillSsMigrateReq. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-44769