CyberRota
← Ana sayfaya dön

CVE-2026-40008

UNKNOWN · CVSS N/A

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-07-10T08:16:22.397 · Çekilme zamanı: 2026-07-10T12:06:58.288641+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

CVE
CVE-2026-40008
Severity
UNKNOWN
CVSS
N/A
EPSS
Yok
Apache Java

Orijinal NVD Açıklaması

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Apache IoTDB. The pipe processor reads a fully qualified Java class name and instantiates it using Class.forName().newInstance() without any validation or allowlisting. This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to upgrade to version 2.0.10, which fixes the issue.