THREAT OPS › Threat News › CVE-2026-28564: Apache IoTDB: REST Basic Authentication Accepts Stale Cached Credentials
CVE-2026-28564: Apache IoTDB: REST Basic Authentication Accepts Stale Cached Credentials
<p>Posted by Haonan Hou on Jul 10</p>Severity: important <br /> <br /> Affected versions:<br /> <br /> - Apache IoTDB 1.0.0 before 2.0.10<br /> <br /> Description:<br /> <br /> Insufficient Session Expiration, Authentication Bypass by Capture-replay vulnerability in Apache IoTDB.<br /> REST Basic Authentication Accepts Stale Cached Credentials<br /> <br /> This issue affects Apache IoTDB: from 1.0
MITRE ATT&CK techniques
- CredentialsT1589.001
Indicators of compromise
- CVE-2026-28564cve
Original source: https://seclists.org/oss-sec/2026/q3/111