Vulnerability in Apache Software Foundation Iotdb
CVE-2026-24013
Authentication Bypass by Spoofing vulnerability in Apache IoTDB. Certain Thrift RPC query handlers lack strict validation of the sessionId parameter. An attacker can construct requests with a forged sessionId and, without performing openSe…
Affected products
- Apache Software Foundation Iotdb — versions 1.3.3
Weakness classification (CWE)
References
- security@apache.org (vendor-advisory)