A vulnerability was found in Apache IoTDB up to 2.0.9. It has been classified as problematic. Affected is an unknown function of the component Privilege Management. This manipulation causes improper access controls.

This vulnerability is handled as CVE-2026-40009. The attack can be initiated remotely. There is not any exploit available.