CVE-2026-24012

Apache · IoTDB

Apache IoTDB is vulnerable to an uncontrolled resource consumption flaw, which can be triggered by unauthenticated attackers to cause a denial-of-service.

Executive summary

Apache IoTDB is susceptible to an uncontrolled resource consumption vulnerability that allows unauthenticated attackers to cause a denial-of-service by overwhelming system resources.

Vulnerability

This is an uncontrolled resource consumption vulnerability (CWE-400) where an unauthenticated attacker can send specially crafted requests to the system. These requests exhaust system resources, leading to service instability or a complete crash.

Business impact

The primary impact of this vulnerability is the disruption of critical IoT data processing services. A CVSS score of 7.5 highlights the ease of exploitation, which could lead to significant operational downtime for organizations relying on IoTDB for real-time data ingestion and analytics.

Remediation

Immediate Action: Apply the vendor-provided security updates to upgrade to a version beyond the affected range.

Proactive Monitoring: Monitor system resource metrics (CPU/Memory) for sudden, unexplained spikes that correlate with incoming network traffic.

Compensating Controls: Implement rate limiting and request validation at the network edge or via a reverse proxy to mitigate the impact of excessive resource consumption requests.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Because this vulnerability is easily exploitable over the network without authentication, it poses a direct threat to system availability. Administrators should prioritize upgrading their Apache IoTDB instances to the latest stable release to ensure continued service resilience.