Privilege escalation in Apache Software Foundation Iotdb

CVE-2026-40009

Improper Privilege Management, Improper Access Control vulnerability in Apache IoTDB. Authenticated users can escalate to full tree-path access by renaming themselves to __internal_auditor. This issue affects Apache IoTDB: from 2.0.8 bef…

Vulnerability class: Privilege Escalation

Affected products

Weakness classification (CWE)

References