PT-2026-57103 · Apache · Apache Iotdb
Aristore
·
Published
2026-07-10
·
Updated
2026-07-10
·
CVE-2026-28564
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Apache IoTDB versions 1.0.0 through 2.0.9
Description
An authentication bypass exists due to insufficient session expiration, allowing a capture-replay attack. The REST Basic Authentication mechanism accepts stale cached credentials, enabling a remote attacker to gain unauthorized access without requiring any privileges.
Recommendations
Upgrade to version 2.0.10.
Fix
Insufficient Session Expiration
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Apache Iotdb