Improper Access Control in TDengine Time-Series Database
CVE-2026-62355

5.4MEDIUM

Key Information:

Vendor

Taosdata

Status
Vendor
CVE Published:
15 July 2026

What is CVE-2026-62355?

TDengine Cloud DB, known for its open-source time-series database designed for Internet of Things (IoT) applications, exhibits an access control vulnerability. This issue allows privileged actions to be executed by admin users, specifically enabling them to create user-defined functions (UDFs) when standard users should only have read-only access to non-database objects. Such permissions misconfigurations can lead to significant data integrity risks, as they violate the principle of least privilege.

Affected Version(s)

TDengine < 3.4.1.15

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.