THREAT OPS › Threat News › CVE-2026-40452: Apache IoTDB: Authorization bypass in /rest/v2/fastLastQuery exposes last-value data to unauthorized authenticated users
CVE-2026-40452: Apache IoTDB: Authorization bypass in /rest/v2/fastLastQuery exposes last-value data to unauthorized authenticated users
<p>Posted by Haonan Hou on Jul 10</p>Severity: moderate <br /> <br /> Affected versions:<br /> <br /> - Apache IoTDB 1.3.5 before 1.3.8<br /> - Apache IoTDB 2.0.5 before 2.0.10<br /> <br /> Description:<br /> <br /> Incorrect Authorization, Improper Access Control vulnerability in Apache IoTDB.<br /> Authorization bypass in /rest/v2/fastLastQuery exposes last-value data to unauthorized authenticat
Indicators of compromise
- CVE-2026-40452cve
Original source: https://seclists.org/oss-sec/2026/q3/117