Resource Consumption Vulnerability in Apache IoTDB
CVE-2026-24012

Currently unrated

Key Information:

Vendor

Apache

Vendor
CVE Published:
6 July 2026

What is CVE-2026-24012?

An uncontrolled resource consumption vulnerability in Apache IoTDB allows an attacker to exploit certain interface parameters. By issuing requests with excessive time spans and minimal aggregation intervals, an attacker can cause the DataNode to generate large result sets. This can overwhelm the Java heap, leading to crashes of the DataNode process. Affected versions are 1.3.3 through 2.0.7, with users advised to upgrade to version 2.0.8 to mitigate this issue.

Affected Version(s)

Apache IoTDB 1.3.3 < 2.0.8

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Yan Nan (Detecon Security Lab)
.