Path Traversal Vulnerability in Apache IoTDB by Apache
CVE-2026-40005

Currently unrated

Key Information:

Vendor

Apache

Vendor
CVE Published:
10 July 2026

What is CVE-2026-40005?

A Path Traversal vulnerability in Apache IoTDB allows an attacker to write arbitrary files on the server where IoTDB operates, exploiting unsafe API methods. This can lead to unauthorized access to sensitive data or system files, particularly in scenarios where the IoTDB process has write permissions in unintended locations. Users are advised to upgrade to version 2.0.10 to mitigate this risk, ensuring their systems remain secure.

Affected Version(s)

Apache IoTDB 1.0.0 < 2.0.10

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Andrea Cosentino
.