PT-2026-60264 · Taosdata · Tdengine

CVE-2026-62348

·

Publicado

2026-07-15

·

Atualizado

2026-07-15

CVSS v3.1

5.4

Média

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
TDengine is a time-series database optimized for Internet of Things devices. Prior to 3.4.1.15, TDengine Enterprise allowed an authenticated low-privilege SQL user to run KILL SSMIGRATE against an active shared-storage migration because mndProcessKillSsMigrateReq called mndKillSsMigrate while the intended MND OPER SSMIGRATE DB privilege check was commented out. This issue is fixed in version 3.4.1.15.

Correção

Missing Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-62348

Produtos afetados

Tdengine