Authorization Bypass Vulnerability in Apache IoTDB by Apache
CVE-2026-40452

Currently unrated

Key Information:

Vendor

Apache

Vendor
CVE Published:
10 July 2026

What is CVE-2026-40452?

A vulnerability in Apache IoTDB allows unauthorized authenticated users to access sensitive last-value data through an authorization bypass in the /rest/v2/fastLastQuery endpoint. This issue impacts specific versions of Apache IoTDB ranging from 1.3.5 before 1.3.8 and 2.0.5 before 2.0.10. Users are advised to update to version 2.0.10, which addresses this security concern.

Affected Version(s)

Apache IoTDB 1.3.5 < 1.3.8

Apache IoTDB 2.0.5 < 2.0.10

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

bugbunny.ai
.