THREAT OPS › Threat News › CVE-2026-40009: Apache IoTDB: Authenticated users can escalate to full tree-path access by renaming themselves to __internal_auditor
CVE-2026-40009: Apache IoTDB: Authenticated users can escalate to full tree-path access by renaming themselves to __internal_auditor
<p>Posted by Haonan Hou on Jul 10</p>Severity: important <br /> <br /> Affected versions:<br /> <br /> - Apache IoTDB 2.0.8 before 2.0.10<br /> <br /> Description:<br /> <br /> Improper Privilege Management, Improper Access Control vulnerability in Apache IoTDB.<br /> Authenticated users can escalate to full tree-path access by renaming<br /> themselves to __internal_auditor.<br /> <br /> This iss
Indicators of compromise
- CVE-2026-40009cve
Original source: https://seclists.org/oss-sec/2026/q3/116