A vulnerability, which was classified as critical, has been found in taosdata TDengine 3.4.1.5/3.4.1.6/3.4.1.14. Impacted is the function transDecompressMsg of the file source/libs/transport/src/transComm.c of the component Transport. The manipulation of the argument comp leads to out-of-bounds read.

This vulnerability is listed as CVE-2026-62351. The attack may be initiated remotely. There is no available exploit.