CVE-2026-24713
Severity: CRITICAL
WAF: Medium
CVSS 9.8
Published: 2026-03-09
CWE-20
Improper Input Validation vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue.
WAF Coverage Analysis
Improper Input Validation
Medium WAF Coverage
OWASP: A03:2021 Injection
- 920xxx - Protocol Enforcement
- 941xxx - XSS / XXE
- 942xxx - SQL Injection
Affected Software
| Vendor | Product | Affected versions |
|---|---|---|
| apache | iotdb | from 1.0.0 before 1.3.7 |
| apache | iotdb | from 2.0.0 before 2.0.7 |
References
- lists.apache.org (Mailing List)
- www.openwall.com (Mailing List, Third Party Advisory)