A vulnerability has been found in Apache IoTDB up to 2.0.9 and classified as critical. This affects an unknown function of the component Session Expiration. The manipulation leads to authentication bypass by capture-replay.
This vulnerability is traded as CVE-2026-28564. It is possible to initiate the attack remotely. There is no exploit available.