Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
Apache IoTDB: Malicious Data Can Crash the Database
CVE-2026-24713
GHSA-6w48-2g9j-v9q5
Summary
Apache IoTDB's input validation is flawed, allowing hackers to crash the database. This affects older versions of Apache IoTDB, and updating to version 1.3.7 or 2.0.7 will fix the issue.
What to do
- Update org.apache.iotdb:iotdb-core to version 1.3.7.
- Update org.apache.iotdb:iotdb-core to version 2.0.7.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | org.apache.iotdb:iotdb-core | > 1.0.0 , <= 1.3.7 | 1.3.7 |
| – | org.apache.iotdb:iotdb-core | > 2.0.0 , <= 2.0.7 | 2.0.7 |
| apache | iotdb | > 1.0.0 , <= 1.3.7 | – |
| apache | iotdb | > 2.0.0 , <= 2.0.7 | – |
Original title
Apache IoTDB has an Improper Input Validation vulnerability
Original description
Improper Input Validation vulnerability in Apache IoTDB.
This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7.
Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue.
This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7.
Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue.
Vulnerability type
CWE-20
Improper Input Validation
CWE-917
- https://lists.apache.org/thread/vopgv6y2ccw403b0zv7rvojjrh7x1j5p
- http://www.openwall.com/lists/oss-security/2026/03/09/4
- https://nvd.nist.gov/vuln/detail/CVE-2026-24713
- https://github.com/apache/iotdb/commit/8fbfddc5f83771f1b339c457de597fe877f686d2
- https://github.com/apache/iotdb/compare/v1.3.6...v1.3.7
- https://github.com/apache/iotdb/compare/v2.0.6...v2.0.7
- https://github.com/apache/iotdb/releases/tag/v1.3.7
- https://github.com/apache/iotdb/releases/tag/v2.0.7
- https://github.com/advisories/GHSA-6w48-2g9j-v9q5
Published: 9 Mar 2026 · Updated: 13 Mar 2026 · First seen: 9 Mar 2026