Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

CVE-2026-40007

Gravedad CVSS v3.1:
ALTA
Tipo:
CWE-400 Consumo de recursos no controlado (Agotamiento de recursos)
Fecha de publicación:
10/07/2026
Última modificación:
10/07/2026

Descripción

*** Pendiente de traducción *** Uncontrolled Recursion, Uncontrolled Resource Consumption vulnerability in Apache IoTDB.<br /> When pipe_air_gap_receiver_enabled=true, the IoTDB AirGap receiver&amp;#39;s<br /> readLength method calls itself recursively each time it recognises the<br /> E-language prefix in socket data, with no depth limit. An unauthenticated<br /> attacker can send a stream of repeated E-language prefixes that drives the<br /> recursion arbitrarily deep, exhausting the receiver thread&amp;#39;s JVM stack and<br /> raising StackOverflowError.<br /> <br /> <br /> This issue affects Apache IoTDB: from 1.0.0 before 2.0.10.<br /> <br /> Users are recommended to upgrade to version 2.0.10, which fixes the issue.