Apache IoTDB
17 CVEs affecting Apache IoTDB. Latest disclosed: 2026-03-09. Critical: 7, High: 9.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-24713 | Critical | 9.8 | 2026-03-09 | Improper Input Validation vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recomme… |
| CVE-2026-24015 | Critical | 9.8 | 2026-03-09 | A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to versi… |
| CVE-2024-24780 | Critical | 9.8 | 2025-05-14 | Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function fro… |
| CVE-2023-46226 | Critical | 9.8 | 2024-01-15 | Remote Code Execution vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 through 1.2.2. Users are recommended to upgrade to version 1.3… |
| CVE-2023-51656 | Critical | 9.8 | 2023-12-21 | Deserialization of Untrusted Data vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 0.13.0 through 0.13.4. Users are recommended to upgrade… |
| CVE-2023-24831 | Critical | 9.8 | 2023-04-17 | Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects Apache IoTDB Grafana Connector: from 0.13.0 through 0.13.3… |
| CVE-2020-1952 | Critical | 9.8 | 2020-04-27 | An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no certification. Then, clients cou… |
| CVE-2023-24829 | High | 8.8 | 2023-01-31 | Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB. This issue affects the iotdb-web-workbench component from 0.13.0 before 0.13.3… |
| CVE-2022-38369 | High | 8.8 | 2022-09-05 | Apache IoTDB version 0.13.0 is vulnerable to a session id attack. Users should upgrade to version 0.13.1 which addresses this issue. |
| CVE-2025-48392 | High | 7.5 | 2025-09-24 | A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.3.3 through 1.3.4, from 2.0.1-beta through 2.0.4. Users are recommended to upgrade t… |
| CVE-2025-26864 | High | 7.5 | 2025-05-14 | Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache Io… |
| CVE-2025-26795 | High | 7.5 | 2025-05-14 | Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in Apache IoTDB JDBC driver. This i… |
| CVE-2023-24830 | High | 7.5 | 2023-01-30 | Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects iotdb-web-workbench component: from 0.13.0 before 0.13.3. |
| CVE-2022-43766 | High | 7.5 | 2022-10-26 | Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with… |
| CVE-2022-38370 | High | 7.5 | 2022-09-05 | Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of database. Users should up… |
| CVE-2020-25649 | High | 7.5 | 2020-12-03 | A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity… |
| CVE-2025-48459 | Medium | 5.3 | 2025-09-24 | Deserialization of Untrusted Data vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 2.0.5. Users are recommended to upgrade t… |