PT-2026-60264 · Taosdata · Tdengine
Published
2026-07-15
·
Updated
2026-07-15
·
CVE-2026-62348
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L |
TDengine is a time-series database optimized for Internet of Things devices. Prior to 3.4.1.15, TDengine Enterprise allowed an authenticated low-privilege SQL user to run KILL SSMIGRATE against an active shared-storage migration because mndProcessKillSsMigrateReq called mndKillSsMigrate while the intended MND OPER SSMIGRATE DB privilege check was commented out. This issue is fixed in version 3.4.1.15.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tdengine