A vulnerability was found in Apache IoTDB C++ client up to 1.3.7/2.0.9. It has been rated as critical. Affected by this issue is some unknown functionality of the component TsBlock Deserializer. Performing a manipulation results in out-of-bounds read.
This vulnerability was named CVE-2026-40454. The attack may be initiated remotely. There is no available exploit.