9.8
Apache IoTDB Has a Security Risk Due to Insecure Default Settings
CVE-2026-24015
GHSA-74cf-pgh9-m5q2
Summary
Apache IoTDB ships with an insecure default configuration that attackers can exploit. This affects versions from 1.0.0 before 1.3.7 and from 2.0.0 before 2.0.7. To fix this, update to version 1.3.7 or 2.0.7.
What to do
- Update org.apache.iotdb:iotdb-core to version 1.3.7.
- Update org.apache.iotdb:iotdb-core to version 2.0.7.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | org.apache.iotdb:iotdb-core | > 1.0.0 , <= 1.3.7 | 1.3.7 |
| – | org.apache.iotdb:iotdb-core | > 2.0.0 , <= 2.0.7 | 2.0.7 |
| apache | iotdb | > 1.0.0 , <= 1.3.7 | – |
| apache | iotdb | > 2.0.0 , <= 2.0.7 | – |
Original title
Apache IoTDB has an Insecure Default Configuration Vulnerability
Original description
A vulnerability in Apache IoTDB.
This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7.
Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue.
Vulnerability type
CWE-1327
References
- https://lists.apache.org/thread/j769ywdqm46zl3oz5lbffsldklg0ow7p
- http://www.openwall.com/lists/oss-security/2026/03/09/5
- https://nvd.nist.gov/vuln/detail/CVE-2026-24015
- https://github.com/apache/iotdb/compare/v1.3.6...v1.3.7
- https://github.com/apache/iotdb/compare/v2.0.6...v2.0.7
- https://github.com/apache/iotdb/releases/tag/v1.3.7
- https://github.com/apache/iotdb/releases/tag/v2.0.7
- https://github.com/advisories/GHSA-74cf-pgh9-m5q2
Published: 9 Mar 2026 · Updated: 13 Mar 2026 · First seen: 9 Mar 2026