CVE-2026-24713
Apache IoTDB: JEXL Expression Injection Vulnerability
Vexday Risk Score
28Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 9.8EPSS 0.7%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Ciclo de vida
09 mar 2026Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Improper Input Validation vulnerability in Apache IoTDB.
This issue affects Apache IoTDB: from 1.0.0 before 1.3.7, from 2.0.0 before 2.0.7.
Users are recommended to upgrade to version 1.3.7 or 2.0.7, which fixes the issue.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Productos afectados
Apache Software Foundation · Apache IoTDB