CVE-2026-40006: Memory Allocation with Excessive Size Value, Allocation of Resources Without Limits or Throttling, Missing Authentication for Critical Function vulnerability in Apache IoTDB. When
Memory Allocation with Excessive Size Value, Allocation of Resources Without Limits or Throttling, Missing Authentication for Critical Function vulnerability in Apache IoTDB.
When pipe_air_gap_receiver_enabled=true, the IoTDB AirGap pipe receiver
accepts raw TCP connections on port 9780 with no authentication. The
readLength method reads an attacker-controlled 32-bit integer from the
socket and readData passes it directly to new byte[length] with no
upper-bound check. An unauthenticated attacker can cause the JVM to attempt
an allocation of up to 2,147,483,647 bytes per connection, exhausting heap
memory and crashing or severely degrading the DataNode process.
This issue affects Apache IoTDB: from 1.0.0 before 2.0.10.
Users are recommended to upgrade to version 2.0.10, which fixes the issue.
Details
Original advisory: https://nvd.nist.gov/vuln/detail/CVE-2026-40006
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-400060.18% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 7% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-40006 | coverage & exploitation status | NVD · CVE.org |
Recent advisories for Memory Allocation with
A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.
- lowCVE-2026-56373: ImageMagick before 7.1.2-15 contains a use-after-free vulnerability in the PDB decoder that us…nvd · 2026-07-10
- unknownCVE-2026-42953: The application contains an out-of-bounds write vulnerability that can be exploited by an atta…nvd · 2026-07-07
- highCVE-2026-21379: Memory Corruption when allocating memory with sizes that exceed the maximum allowed value.nvd · 2026-07-06
- mediumGHSA-f962-qm93-mj4c: Coder's unbounded memory allocation in provisioner file upload allows authenticated denia…ghsa · 2026-07-06
- highCVE-2026-11586: By default, curl automatically responds to WebSocket PING frames. Because curl lacks an upper …nvd · 2026-07-03
- highCVE-2026-58465: Eclipse Wakaama before snapshot/2026-05-26 contains an unbounded memory allocation vulnerabili…nvd · 2026-07-02
More from NVD Recent CVEs
- unknownCVE-2026-57828: The Joomla extension Phoca Downloads is vulnerable to an authenticated arbitrary file upload t…2026-07-11
- unknownCVE-2026-57827: The Joomla extension RSFiles is vulnerable to an unauthenticated arbitrary file upload that al…2026-07-11
- highCVE-2026-1359: The Genolve – AI image AI video generation plugin for WordPress is vulnerable to unauthorized m…2026-07-11
- highCVE-2026-9282: The W3 Total Cache plugin for WordPress is vulnerable to Directory Traversal in all versions up…2026-07-11
- mediumCVE-2026-9017: The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to autho…2026-07-11