Vulnerability in Apache Software Foundation Iotdb

CVE-2026-24013

Authentication Bypass by Spoofing vulnerability in Apache IoTDB. Certain Thrift RPC query handlers lack strict validation of the sessionId parameter. An attacker can construct requests with a forged sessionId and, without performing openSe…

Affected products

Weakness classification (CWE)

References