Apache IoTDB CVE-2026-24015: versions <=1.3.6 & <=2.0.6 vulnerable
CVE-2026-24015 Published on March 9, 2026
Apache IoTDB: Insecure Default Configuration Vulnerability
A vulnerability in Apache IoTDB.
This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7.
Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue.
Weakness Type
Binding to an Unrestricted IP Address
The product assigns the address 0.0.0.0 for a database server, a cloud service/instance, or any computing resource that communicates remotely.
Affected Versions
Apache Software Foundation Apache IoTDB:
- Versions from 1.0.0 up to, but not including, 1.3.7 are affected.
- Versions from 2.0.0 up to, but not including, 2.0.7 are affected.