PT-2026-57106 · Apache · Apache Iotdb
Bugbunny.Ai
·
Published
2026-07-10
·
Updated
2026-07-10
·
CVE-2026-40007
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Uncontrolled Recursion, Uncontrolled Resource Consumption vulnerability in Apache IoTDB.
When pipe air gap receiver enabled=true, the IoTDB AirGap receiver's
readLength method calls itself recursively each time it recognises the
E-language prefix in socket data, with no depth limit. An unauthenticated
attacker can send a stream of repeated E-language prefixes that drives the
recursion arbitrarily deep, exhausting the receiver thread's JVM stack and
raising StackOverflowError.
This issue affects Apache IoTDB: from 1.0.0 before 2.0.10.
Users are recommended to upgrade to version 2.0.10, which fixes the issue.
Fix
Resource Exhaustion
Uncontrolled Recursion
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Apache Iotdb