Low-Privilege SQL User Vulnerability in TDengine Enterprise Database
CVE-2026-62348

5.4MEDIUM

Key Information:

Vendor

Taosdata

Status
Vendor
CVE Published:
15 July 2026

What is CVE-2026-62348?

TDengine Enterprise, a time-series database designed for IoT applications, contains a vulnerability that allows authenticated low-privilege SQL users to execute the KILL SSMIGRATE command against an active shared-storage migration. This issue arises from inadequate privilege checks within the mndProcessKillSsMigrateReq function, leading to the execution of mndKillSsMigrate without proper authorization. This vulnerability has been addressed in version 3.4.1.15.

Affected Version(s)

TDengine < 3.4.1.15

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.