Resource Consumption Vulnerability in Apache IoTDB
CVE-2026-24012
Currently unrated
What is CVE-2026-24012?
An uncontrolled resource consumption vulnerability in Apache IoTDB allows an attacker to exploit certain interface parameters. By issuing requests with excessive time spans and minimal aggregation intervals, an attacker can cause the DataNode to generate large result sets. This can overwhelm the Java heap, leading to crashes of the DataNode process. Affected versions are 1.3.3 through 2.0.7, with users advised to upgrade to version 2.0.8 to mitigate this issue.
Affected Version(s)
Apache IoTDB 1.3.3 < 2.0.8