CVE-2026-40454
Received
Received - Intake
Out-of-bounds Read in Apache IoTDB C++ Client
Vulnerability report for CVE-2026-40454, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-10
Last updated on: 2026-07-10
Assigner: Apache Software Foundation
Description
Description
Out-of-bounds Read, Improper Input Validation vulnerability in Apache IoTDB C++ client.
Out-of-bounds reads in IoTDB C++ client TsBlock deserializer crash client
process on malformed server data.
This issue affects Apache IoTDB C++ client: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10.
Users are recommended to upgrade to version 2.0.10, which fixes the issue.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apache | iotdb | From 1.3.5 (inc) to 1.3.8 (exc) |
| apache | iotdb | From 2.0.5 (inc) to 2.0.10 (exc) |
| apache | iotdb | 2.0.10 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |