CVE-2026-24012
Severity CVSS v4.0:
Pending analysis
Type:
CWE-400
Uncontrolled Resource Consumption ('Resource Exhaustion')
Publication date:
06/07/2026
Last modified:
06/07/2026
Description
Uncontrolled Resource Consumption vulnerability in Apache IoTDB. <br />
<br />
Some interface fails to impose reasonable<br />
limits on the time span and aggregation interval of the query. An attacker<br />
can construct a request with extreme parameters (e.g., a very large time<br />
range combined with a minimal interval). This forces the DataNode to build<br />
an enormous result set in memory, which exhausts the Java heap and causes<br />
the DataNode process to crash.<br />
<br />
This issue affects Apache IoTDB: from 1.3.3 before 2.0.8.<br />
<br />
Users are recommended to upgrade to version 2.0.8, which fixes the issue.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH



