Low-Privilege SQL User Vulnerability in TDengine Enterprise Database
CVE-2026-62348
5.4MEDIUM
What is CVE-2026-62348?
TDengine Enterprise, a time-series database designed for IoT applications, contains a vulnerability that allows authenticated low-privilege SQL users to execute the KILL SSMIGRATE command against an active shared-storage migration. This issue arises from inadequate privilege checks within the mndProcessKillSsMigrateReq function, leading to the execution of mndKillSsMigrate without proper authorization. This vulnerability has been addressed in version 3.4.1.15.
Affected Version(s)
TDengine < 3.4.1.15
