Remote Code Execution Vulnerability in TDengine Database by Taos Data
CVE-2026-62350
7.2HIGH
What is CVE-2026-62350?
TDengine, an open-source time-series database designed for IoT applications, has a vulnerability that allows a user with the create udf privilege to upload a malicious shared library. This exploitation enables the installation of arbitrary user-defined functions, such as eval, allowing the execution of harmful C code on the TDengine server through database queries. This critical issue is addressed in TDengine version 3.4.1.15 and poses significant risks to any deployed instances prior to the fix.
Affected Version(s)
TDengine < 3.4.1.15
