securityonline.info 7/11/2026, 2:31:06 AM · external

Apache IoTDB Fixes Path Traversal and Authentication Bypass Flaws (CVE-2026-24014)

Apache IoTDB Fixes Path Traversal and Authentication Bypass Flaws (CVE-2026-24014)
CyberSIXT Evidence Panel

TODAY , two active exploits were detected involving two vulnerabilities: CVE-2026-56291 and CVE-2026-48939, related to unrestricted file uploads in Balbooa Forms and iCagenda respectively. In addition, Apache IoTDB has three critical vulnerabilities (CVE-2026-24014, CVE-2026-24012, and CVE-2026-24013) patched in version 2.0.8, with the most severe being a path traversal flaw allowing arbitrary file writes (CVSS score 9.8).

The other vulnerabilities include an authentication bypass (score 9.1) and a denial-of-service issue (score 7.5). No confirmed exploitation has occurred yet, but it is recommended to update to version 2.0.8 to mitigate these risks.

View full article

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline