Authorization Bypass Vulnerability in Apache IoTDB by Apache
CVE-2026-40452
Currently unrated
What is CVE-2026-40452?
A vulnerability in Apache IoTDB allows unauthorized authenticated users to access sensitive last-value data through an authorization bypass in the /rest/v2/fastLastQuery endpoint. This issue impacts specific versions of Apache IoTDB ranging from 1.3.5 before 1.3.8 and 2.0.5 before 2.0.10. Users are advised to update to version 2.0.10, which addresses this security concern.
Affected Version(s)
Apache IoTDB 1.3.5 < 1.3.8
Apache IoTDB 2.0.5 < 2.0.10