Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB.
An attacker can write arbitrary files anywhere the IoTDB process has write permissions with unsafe API.
This issue affects Apache IoTDB: from 1.0.0 before 2.0.10.
Users are recommended to upgrade to version 2.0.10, which fixes the issue.
Metrics
Affected Vendors & Products
References
History
Fri, 10 Jul 2026 09:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Apache
Apache iotdb |
|
| Vendors & Products |
Apache
Apache iotdb |
Fri, 10 Jul 2026 08:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB. An attacker can write arbitrary files anywhere the IoTDB process has write permissions with unsafe API. This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to upgrade to version 2.0.10, which fixes the issue. | |
| Title | Apache IoTDB: Path Traversal in Pipe File Transfer Receiver | |
| Weaknesses | CWE-22 | |
| References |
|
Status: PUBLISHED
Assigner: apache
Published:
Updated: 2026-07-10T07:09:49.770Z
Reserved: 2026-04-08T08:40:49.866Z
Link: CVE-2026-40005
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-10T09:30:13Z