A vulnerability was found in Apache IoTDB up to 2.0.9 and classified as critical. This impacts the function
Class.forName of the component Pipe Processor. The manipulation results in use of externally-controlled input to select classes or code.
This vulnerability is known as CVE-2026-40008. It is possible to launch the attack remotely. No exploit is available.