CVE-2026-40007
Received Received - Intake

Stack Overflow in Apache IoTDB AirGap Receiver

Vulnerability report for CVE-2026-40007, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-10

Last updated on: 2026-07-10

Assigner: Apache Software Foundation

Description

Uncontrolled Recursion, Uncontrolled Resource Consumption vulnerability in Apache IoTDB. When pipe_air_gap_receiver_enabled=true, the IoTDB AirGap receiver's readLength method calls itself recursively each time it recognises the E-language prefix in socket data, with no depth limit. An unauthenticated attacker can send a stream of repeated E-language prefixes that drives the recursion arbitrarily deep, exhausting the receiver thread's JVM stack and raising StackOverflowError. This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to upgrade to version 2.0.10, which fixes the issue.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-10
Last Modified
2026-07-10
Generated
2026-07-10
AI Q&A
2026-07-10
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 2 associated CPEs
Vendor Product Version / Range
apache iotdb From 1.0.0 (inc) to 2.0.10 (exc)
apache iotdb 2.0.10

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-674 The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an Uncontrolled Recursion and Uncontrolled Resource Consumption issue in Apache IoTDB. Specifically, when the configuration pipe_air_gap_receiver_enabled is set to true, the IoTDB AirGap receiver's readLength method calls itself recursively each time it detects the E-language prefix in socket data, without any limit on recursion depth.

An unauthenticated attacker can exploit this by sending a stream of repeated E-language prefixes, causing the recursion to go arbitrarily deep. This exhausts the JVM stack of the receiver thread and results in a StackOverflowError.

Impact Analysis

The vulnerability can lead to a denial of service condition by exhausting the JVM stack of the receiver thread through uncontrolled recursion. This causes the affected Apache IoTDB service to crash or become unresponsive due to StackOverflowError.

Since the attacker does not need to be authenticated, this can be exploited remotely to disrupt the availability of the IoTDB service.

Mitigation Strategies

To mitigate this vulnerability, users are recommended to upgrade Apache IoTDB to version 2.0.10, which contains the fix for this issue.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-40007. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart