Every CVE whose affected-product data names Apache Iotdb, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (20)
CVE-2026-24713 — CVSS 9.8 (critical): Improper Input Validation vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7…
CVE-2023-46226 — CVSS 9.8 (critical): Remote Code Execution vulnerability in Apache IoTDB.This issue affects Apache IoTDB: from 1.0.0 through 1.2.2. Users are recommended to…
CVE-2023-51656 — CVSS 9.8 (critical): Deserialization of Untrusted Data vulnerability in Apache IoTDB.This issue affects Apache IoTDB: from 0.13.0 through 0.13.4. Users are…
CVE-2024-24780 — CVSS 9.8 (critical): Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register…
CVE-2026-24014 — CVSS 9.8 (critical): Apache IoTDB DataNode’s internal RPC interface for creating Trigger instances uses the uploaded Trigger JAR name to build a file path…
CVE-2026-24015 — CVSS 9.8 (critical): A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7. Users are recommended…
CVE-2020-1952 — CVSS 9.8 (critical): An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. When starting IoTDB, the JMX port 31999 is exposed with no…
CVE-2026-24013 — CVSS 9.1 (critical): Authentication Bypass by Spoofing vulnerability in Apache IoTDB. Certain Thrift RPC query handlers lack strict validation of the sessionId…
CVE-2022-38369 — CVSS 8.8 (high): Apache IoTDB version 0.13.0 is vulnerable by session id attack. Users should upgrade to version 0.13.1 which addresses this issue.
CVE-2023-24829 — CVSS 8.8 (high): Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.This issue affects the iotdb-web-workbench component from…
CVE-2025-26864 — CVSS 7.5 (high): Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the…
CVE-2020-25649 — CVSS 7.5 (high): A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to…
CVE-2022-38370 — CVSS 7.5 (high): Apache IoTDB grafana-connector version 0.13.0 contains an interface without authorization, which may expose the internal structure of…
CVE-2022-43766 — CVSS 7.5 (high): Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for…
CVE-2023-24830 — CVSS 7.5 (high): Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.This issue affects iotdb-web-workbench component: from…
CVE-2025-48392 — CVSS 7.5 (high): A vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.3.3 through 1.3.4, from 2.0.1-beta through 2.0.4. Users are…
CVE-2026-24012 — CVSS 7.5 (high): Uncontrolled Resource Consumption vulnerability in Apache IoTDB. Some interface fails to impose reasonable limits on the time span and…
CVE-2025-26795 — CVSS 7.5 (high): Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in Apache IoTDB…
CVE-2025-48459 — CVSS 5.3 (medium): Deserialization of Untrusted Data vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 before 2.0.5. Users are…