A vulnerability classified as problematic was found in Apache IoTDB up to 2.0.9. Impacted is the function
readLength of the component AirGap Receiver. Such manipulation of the argument pipe_air_gap_receiver_enabled leads to uncontrolled recursion.
This vulnerability is documented as CVE-2026-40007. The attack can be executed remotely. There is not any exploit available.