PT-2026-57108 · Apache · Apache Iotdb
Bugbunny.Ai
·
Published
2026-07-10
·
Updated
2026-07-10
·
CVE-2026-40009
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Improper Privilege Management, Improper Access Control vulnerability in Apache IoTDB.
Authenticated users can escalate to full tree-path access by renaming
themselves to internal auditor.
This issue affects Apache IoTDB: from 2.0.8 before 2.0.10.
Users are recommended to upgrade to version 2.0.10, which fixes the issue.
Fix
Improper Access Control
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Apache Iotdb