Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
2779 articles · 174892 vulns · 37/41 feeds (7d)
← Back to list
7.5
CVE-2026-40454EXPLOITEDPATCHED
apache · iotdb c++

Apache IoTDB C++ client: Out-of-bounds reads in C++ client TsBlock deserializer crash client process on malformed server data

Description

Out-of-bounds Read, Improper Input Validation vulnerability in Apache IoTDB C++ client. Out-of-bounds reads in IoTDB C++ client TsBlock deserializer crash client process on malformed server data. This issue affects Apache IoTDB C++ client: from 1.3.5 before 1.3.8, from 2.0.5 before 2.0.10. Users are recommended to upgrade to version 2.0.10, which fixes the issue.

Affected Products

VendorProductVersions
apacheiotdb c++1.3.5, 2.0.5

References

  • https://lists.apache.org/thread/9wml325g6bpovw0jf5ymtc3xl7fwlkrn(vendor-advisory)

Related News (2 articles)

Tier C
oss-security3d ago
CVE-2026-40454: Apache IoTDB C++ client: Out-of-bounds reads in C++ client TsBlock deserializer crash client process on malformed server data
→ No new info (linked only)
Tier C
VulDB3d ago
CVE-2026-40454 | Apache IoTDB C++ client up to 1.3.7/2.0.9 TsBlock Deserializer out-of-bounds
→ No new info (linked only)
CVSS 3.17.5 HIGH
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA KEV❌ No
Actively exploited✅ Yes
Patch available
1.3.82.0.10
CWECWE-125, CWE-20
PublishedJul 10, 2026
Last enriched3d agov2
Trending Score42
Source articles2
Independent2
Info Completeness8/14
Missing: cvss, epss, kev, exploit, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

CRITICALCVE-2026-49844EXP
Apache Log4j API: Improper serialization of non-finite floating-point values in MapMessage.asJson()
Trending: 63
CRITICALCVE-2026-40008EXP
Apache IoTDB: Arbitrary Class Instantiation via Pipe Transfer RPC
Trending: 47
CRITICALCVE-2026-40005EXP
Apache IoTDB: Path Traversal in Pipe File Transfer Receiver
Trending: 47
CRITICALCVE-2026-28564EXP
Apache IoTDB: REST Basic Authentication Accepts Stale Cached Credentials
Trending: 47
HIGHCVE-2026-40452EXP
Apache IoTDB: Authorization bypass in /rest/v2/fastLastQuery exposes last-value data to unauthorized authenticated users
Trending: 42

Pin to Dashboard

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jul 10, 2026
Discovered by ZDM
Jul 10, 2026
Updated: description, severity, affectedVersions, activelyExploited
Jul 10, 2026
Actively Exploited
Jul 10, 2026
Patch Available
Jul 10, 2026

Version History

v2
Last enriched 3d ago
v2Tier C3d ago

Updated severity to CRITICAL, added affected versions 1.3.7 and 2.0.9, and corrected exploit availability.

descriptionseverityaffectedVersionsactivelyExploited
via VulDB
v13d ago

Initial creation