Authentication Bypass Vulnerability in Apache IoTDB Affecting Multiple Versions
CVE-2026-28564
Currently unrated
What is CVE-2026-28564?
An authentication bypass vulnerability exists in Apache IoTDB, which allows attackers to exploit insufficient session expiration and leverage stale cached credentials from REST Basic Authentication. This enables unauthorized access to the system during an ongoing session, potentially exposing sensitive data and compromising overall security. Users are strongly advised to upgrade to version 2.0.10 or later to mitigate this risk.
Affected Version(s)
Apache IoTDB 1.0.0 < 2.0.10