PT-2026-57103 · Apache · Apache Iotdb

Aristore

·

Published

2026-07-10

·

Updated

2026-07-10

·

CVE-2026-28564

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Apache IoTDB versions 1.0.0 through 2.0.9
Description An authentication bypass exists due to insufficient session expiration, allowing a capture-replay attack. The REST Basic Authentication mechanism accepts stale cached credentials, enabling a remote attacker to gain unauthorized access without requiring any privileges.
Recommendations Upgrade to version 2.0.10.

Fix

Insufficient Session Expiration

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-28564

Affected Products

Apache Iotdb