Authentication Bypass Vulnerability in Apache IoTDB Affecting Multiple Versions
CVE-2026-28564

Currently unrated

Key Information:

Vendor

Apache

Vendor
CVE Published:
10 July 2026

What is CVE-2026-28564?

An authentication bypass vulnerability exists in Apache IoTDB, which allows attackers to exploit insufficient session expiration and leverage stale cached credentials from REST Basic Authentication. This enables unauthorized access to the system during an ongoing session, potentially exposing sensitive data and compromising overall security. Users are strongly advised to upgrade to version 2.0.10 or later to mitigate this risk.

Affected Version(s)

Apache IoTDB 1.0.0 < 2.0.10

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Aristore (https://github.com/aristorechina)
.