PT-2026-57109 · Apache · Apache Iotdb
Bugbunny.Ai
·
Published
2026-07-10
·
Updated
2026-07-10
·
CVE-2026-40452
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Incorrect Authorization, Improper Access Control vulnerability in Apache IoTDB.
Authorization bypass in /rest/v2/fastLastQuery exposes last-value data to unauthorized authenticated users.
This issue affects Apache IoTDB: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10.
Users are recommended to upgrade to version 2.0.10, which fixes the issue.
Fix
Improper Access Control
Incorrect Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Apache Iotdb