PT-2026-57108 · Apache · Apache Iotdb

Bugbunny.Ai

·

Published

2026-07-10

·

Updated

2026-07-10

·

CVE-2026-40009

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Improper Privilege Management, Improper Access Control vulnerability in Apache IoTDB. Authenticated users can escalate to full tree-path access by renaming themselves to internal auditor.
This issue affects Apache IoTDB: from 2.0.8 before 2.0.10.
Users are recommended to upgrade to version 2.0.10, which fixes the issue.

Fix

Improper Access Control

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-40009

Affected Products

Apache Iotdb