CVE-2026-42542
Analyzed Analyzed - Analysis Complete

Unauthenticated RPC Packet Crash in TDengine

Vulnerability report for CVE-2026-42542, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-10

Last updated on: 2026-06-12

Assigner: GitHub, Inc.

Description

TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the taosd server process by sending a single crafted RPC packet. No credentials or prior session state are required. Version 3.4.1.6 fixes the issue.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-10
Last Modified
2026-06-12
Generated
2026-07-01
AI Q&A
2026-06-11
EPSS Evaluated
2026-06-30
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
tdengine tdengine From 3.4.0.0 (inc) to 3.4.1.6 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-191 The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

This vulnerability allows an unauthenticated remote attacker to crash the TDengine server process, causing a denial of service. However, it does not impact confidentiality or integrity of data.

Since the vulnerability does not lead to unauthorized access or data leakage, it is unlikely to directly violate compliance requirements related to data protection standards such as GDPR or HIPAA.

Nevertheless, the availability impact (denial of service) could affect service continuity obligations under some regulations, depending on the context of use.

Executive Summary

This vulnerability affects TDengine, an open source time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the taosd server process by sending a single specially crafted RPC packet. This means that no credentials or prior session state are required to exploit this issue. The problem is fixed in version 3.4.1.6.

Impact Analysis

The vulnerability allows an unauthenticated remote attacker to cause a denial of service by crashing the taosd server process. This can disrupt the availability of the TDengine database service, potentially impacting applications and systems that rely on it for time-series data, especially in Internet of Things environments.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade TDengine to version 3.4.1.6 or later, as this version fixes the issue.

Detection Guidance

This vulnerability can be detected by monitoring for crashes or denial-of-service conditions in the taosd server process, which may be triggered by receiving a crafted RPC packet with specific characteristics.

Detection involves identifying suspicious RPC packets that have the following traits: the packet has the field withUserInfo set to 1, a small msgLen value that is less than the required offset (24 or 128 bytes depending on user type), and a forged CRC32 checksum.

Since the vulnerability is triggered by a malformed RPC packet, network traffic capture and analysis tools like tcpdump or Wireshark can be used to capture and inspect RPC packets sent to the taosd server port.

  • Use tcpdump to capture traffic on the taosd server port (default port may vary): tcpdump -i <interface> port <taosd_port> -w capture.pcap
  • Analyze captured packets with Wireshark or tshark to filter for RPC packets with suspiciously small msgLen fields and withUserInfo=1.
  • Monitor taosd server logs and system logs for crashes or segmentation faults that may indicate exploitation attempts.

No specific detection commands or signatures are provided in the available resources, so custom packet inspection or IDS/IPS rules would need to be developed based on the vulnerability details.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-42542. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart