PT-2026-60264 · Taosdata · Tdengine

Published

2026-07-15

·

Updated

2026-07-15

·

CVE-2026-62348

CVSS v3.1

5.4

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
TDengine is a time-series database optimized for Internet of Things devices. Prior to 3.4.1.15, TDengine Enterprise allowed an authenticated low-privilege SQL user to run KILL SSMIGRATE against an active shared-storage migration because mndProcessKillSsMigrateReq called mndKillSsMigrate while the intended MND OPER SSMIGRATE DB privilege check was commented out. This issue is fixed in version 3.4.1.15.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-62348

Affected Products

Tdengine