A vulnerability classified as problematic has been found in Apache IoTDB up to 2.0.9. This issue affects the function readLength/readData of the component AirGap Pipe Receiver. This manipulation of the argument length causes missing authentication.

This vulnerability is registered as CVE-2026-40006. Remote exploitation of the attack is possible. No exploit is available.