THREAT OPS › Threat News › CVE-2026-40005: Apache IoTDB: Path Traversal in Pipe File Transfer Receiver
CVE-2026-40005: Apache IoTDB: Path Traversal in Pipe File Transfer Receiver
<p>Posted by Haonan Hou on Jul 10</p>Severity: important <br /> <br /> Affected versions:<br /> <br /> - Apache IoTDB 1.0.0 before 2.0.10<br /> <br /> Description:<br /> <br /> Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache IoTDB.<br /> An attacker can write arbitrary files anywhere the IoTDB process has write permissions with unsaf
Indicators of compromise
- CVE-2026-40005cve
Original source: https://seclists.org/oss-sec/2026/q3/112