PT-2026-57104 · Apache · Apache Iotdb
Andrea Cosentino
·
Published
2026-07-10
·
Updated
2026-07-10
·
CVE-2026-40005
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB.
An attacker can write arbitrary files anywhere the IoTDB process has write permissions with unsafe API.
This issue affects Apache IoTDB: from 1.0.0 before 2.0.10.
Users are recommended to upgrade to version 2.0.10, which fixes the issue.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apache Iotdb