Critical Severity Vulnerability
This vulnerability has been rated as Critical severity. Immediate action is recommended.
CVE-2026-24713
Severity: Critical
CVSS Score: 9.8
Vulnerability Description
Improper Input Validation vulnerability in Apache IoTDB.
This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7.
Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue.
CVSS Metrics
Common Vulnerability Scoring System
Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Attack Vector: N
- Attack Complexity: L
- Privileges Required: N
- User Interaction: N
- Scope: U
- Confidentiality: H
- Integrity: H
- Availability: H
Known Affected Software
21 configuration(s) from 1 vendor(s)
- iotdb, Version: 2.0.1, CPE: cpe:2.3:a:apache:iotdb:2.0.1:beta:*:*:*:*:*:*
- iotdb, Version: 1.0.1, CPE: cpe:2.3:a:apache:iotdb:1.0.1:*:*:*:*:*:*:*
- iotdb, Version: 1.2.1, CPE: cpe:2.3:a:apache:iotdb:1.2.1:*:*:*:*:*:*:*
- iotdb, Version: 1.2.0, CPE: cpe:2.3:a:apache:iotdb:1.2.0:*:*:*:*:*:*:*
- iotdb, Version: 1.3.2, CPE: cpe:2.3:a:apache:iotdb:1.3.2:*:*:*:*:*:*:*
- iotdb, Version: 1.2.2, CPE: cpe:2.3:a:apache:iotdb:1.2.2:*:*:*:*:*:*:*
- iotdb, Version: 1.3.4-1, CPE: cpe:2.3:a:apache:iotdb:1.3.4-1:*:*:*:*:*:*:*
- iotdb, Version: 1.1.0, CPE: cpe:2.3:a:apache:iotdb:1.1.0:*:*:*:*:*:*:*
- iotdb, Version: 2.0.5, CPE: cpe:2.3:a:apache:iotdb:2.0.5:*:*:*:*:*:*:*
- iotdb, Version: 1.3.0, CPE: cpe:2.3:a:apache:iotdb:1.3.0:*:*:*:*:*:*:*
- iotdb, Version: 1.3.3, CPE: cpe:2.3:a:apache:iotdb:1.3.3:*:*:*:*:*:*:*
- iotdb, Version: 2.0.3, CPE: cpe:2.3:a:apache:iotdb:2.0.3:*:*:*:*:*:*:*
- iotdb, Version: 2.0.2, CPE: cpe:2.3:a:apache:iotdb:2.0.2:*:*:*:*:*:*:*
- iotdb, Version: 1.3.1, CPE: cpe:2.3:a:apache:iotdb:1.3.1:*:*:*:*:*:*:*
- iotdb, Version: 1.3.4, CPE: cpe:2.3:a:apache:iotdb:1.3.4:*:*:*:*:*:*:*
- iotdb, Version: 1.3.5, CPE: cpe:2.3:a:apache:iotdb:1.3.5:*:*:*:*:*:*:*
- iotdb, Version: 2.0.2-1, CPE: cpe:2.3:a:apache:iotdb:2.0.2-1:*:*:*:*:*:*:*
- iotdb, Version: 1.1.2, CPE: cpe:2.3:a:apache:iotdb:1.1.2:*:*:*:*:*:*:*
- iotdb, Version: 1.1.1, CPE: cpe:2.3:a:apache:iotdb:1.1.1:*:*:*:*:*:*:*
- iotdb, Version: 1.0.0, CPE: cpe:2.3:a:apache:iotdb:1.0.0:*:*:*:*:*:*:*
- iotdb, Version: 2.0.4, CPE: cpe:2.3:a:apache:iotdb:2.0.4:*:*:*:*:*:*:*
This vulnerability affects 21 software configuration(s). Ensure you patch all affected systems.
Severity Details
9.8 out of 10.0 (Critical)
Weakness Type (CWE)
CWE-20: Improper Input Validation (Top 25 #14)
- Description: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
- Exploit Likelihood: High
- Typical Severity: High
- Abstraction Level: Class
Key Information
- Published Date: March 09, 2026
