THREATOPS
THREAT OPSThreat News › CVE-2026-40007: Apache IoTDB: Unauthenticated unbounded recursion in IoTDB AirGap receiver's E-language prefix parser causes per-connection StackOverflowError

CVE-2026-40007: Apache IoTDB: Unauthenticated unbounded recursion in IoTDB AirGap receiver's E-language prefix parser causes per-connection StackOverflowError

lowoss_secPublished 2026-07-10

<p>Posted by Haonan Hou on Jul 10</p>Severity: moderate <br /> <br /> Affected versions:<br /> <br /> - Apache IoTDB 1.0.0 before 2.0.10<br /> <br /> Description:<br /> <br /> Uncontrolled Recursion, Uncontrolled Resource Consumption vulnerability in Apache IoTDB.<br /> When pipe_air_gap_receiver_enabled=true, the IoTDB AirGap receiver&apos;s<br /> readLength method calls itself recursively each t

Indicators of compromise

Original source: https://seclists.org/oss-sec/2026/q3/114