A vulnerability was found in Apache IoTDB up to 1.3.7/2.0.9. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /rest/v2/fastLastQuery of the component FastLastQuery Handler. Such manipulation leads to authorization bypass.

This vulnerability is uniquely identified as CVE-2026-40452. The attack can be launched remotely. No exploit exists.