Back to overview

CVE-2026-40006

Description
Memory Allocation with Excessive Size Value, Allocation of Resources Without Limits or Throttling, Missing Authentication for Critical Function vulnerability in Apache IoTDB. When pipe_air_gap_receiver_enabled=true, the IoTDB AirGap pipe receiver accepts raw TCP connections on port 9780 with no authentication. The readLength method reads an attacker-controlled 32-bit integer from the socket and readData passes it directly to new byte[length] with no upper-bound check. An unauthenticated attacker can cause the JVM to attempt an allocation of up to 2,147,483,647 bytes per connection, exhausting heap memory and crashing or severely degrading the DataNode process. This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to upgrade to version 2.0.10, which fixes the issue.

Metadata

CVE ID
CVE-2026-40006
State
PUBLISHED
Assigner
apache
Reserved
2026-04-08 08:41 UTC
Published
2026-07-10 07:10 UTC
Last updated
2026-07-10 07:10 UTC
Primary CWE
CWE-789
CWE-789 Memory Allocation with Excessive Size Value
Vendor / Product
Apache Software Foundation / Apache IoTDB
Sources
cve.org  ·  NVD

Severity & Metrics

No CVSS data available.

Affected products (1)
VendorProductPlatformVersions
Apache Software Foundation Apache IoTDB 1.0.0 < 2.0.10
Weakness (CWE)
CWESourceDescription
CWE-306 cna CWE-306 Missing Authentication for Critical Function
CWE-770 cna CWE-770 Allocation of Resources Without Limits or Throttling
CWE-789 cna CWE-789 Memory Allocation with Excessive Size Value
Back to overview