6.5
CVE-2026-40009
- EPSS 0.13%
- Veröffentlicht 10.07.2026 07:15:07
- Zuletzt bearbeitet 10.07.2026 19:17:23
- Quelle security@apache.org
- CVE-Watchlists
- Unerledigt
Apache IoTDB: Authenticated users can escalate to full tree-path access by renaming themselves to __internal_auditor
Improper Privilege Management, Improper Access Control vulnerability in Apache IoTDB. Authenticated users can escalate to full tree-path access by renaming themselves to __internal_auditor. This issue affects Apache IoTDB: from 2.0.8 before 2.0.10. Users are recommended to upgrade to version 2.0.10, which fixes the issue.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerApache Software Foundation
≫
Produkt
Apache IoTDB
Default Statusunaffected
Version
2.0.8
Version <
2.0.10
Status
affected
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.13% | 0.031 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
https://lists.apache.org/thread/65hh7dh28rcxlzdzwdpt630321tr8b61
http://www.openwall.com/lists/oss-security/2026/07/10/6