Description
TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the taosd server process by sending a single crafted RPC packet. No credentials or prior session state are required. Version 3.4.1.6 fixes the issue.
Published: 2026-06-10
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an integer underflow in the routine that retrieves user information. An unauthenticated attacker can send a single crafted RPC packet to the taosd server, causing it to crash. The result is a denial of service that disrupts the availability of TDengine services. This flaw originates from improper bounds checking of a data field, classified as CWE-191.

Affected Systems

The affected product is TDengine by TaosData. Versions from 3.4.0.0 to 3.4.1.5 are impacted. Version 3.4.1.6 includes the fix.

Risk and Exploitability

The CVSS score is 7.5, indicating a high severity. No EPSS score is available, so the public exploit probability is unclear. The vulnerability is not listed in CISA’s KEV catalog. An attacker can exploit it remotely without authentication by sending a specially crafted RPC packet to the taosd process. The attack requires network connectivity to the TDengine server and can be performed from any host.

Generated by OpenCVE AI on June 10, 2026 at 22:56 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade TDengine to version 3.4.1.6 or newer, which contains the integer underflow fix.
  • Restrict network access to the taosd service by configuring firewall rules to allow traffic only from trusted hosts.
  • After applying the update, restart the taosd service to ensure a clean state and confirm services resume operation.
  • Continuously monitor server logs for crash events and investigate any abnormal RPC traffic patterns.

Generated by OpenCVE AI on June 10, 2026 at 22:56 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 12 Jun 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Tdengine
Tdengine tdengine
CPEs cpe:2.3:a:tdengine:tdengine:*:*:*:*:*:*:*:*
Vendors & Products Tdengine
Tdengine tdengine

Thu, 11 Jun 2026 17:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 11 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Taosdata
Taosdata tdengine
Vendors & Products Taosdata
Taosdata tdengine

Wed, 10 Jun 2026 21:00:00 +0000

Type Values Removed Values Added
Description TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the taosd server process by sending a single crafted RPC packet. No credentials or prior session state are required. Version 3.4.1.6 fixes the issue.
Title TDengine has an integer underflow in uvConnMayGetUserInfo() allows unauthenticated remote crash (DoS)
Weaknesses CWE-191
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


Subscriptions

Taosdata Tdengine
Tdengine Tdengine
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-11T16:15:17.741Z

Reserved: 2026-04-28T16:56:50.190Z

Link: CVE-2026-42542

cve-icon Vulnrichment

Updated: 2026-06-11T12:57:12.740Z

cve-icon NVD

Status : Analyzed

Published: 2026-06-10T22:16:57.527

Modified: 2026-06-12T19:40:54.747

Link: CVE-2026-42542

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-11T10:40:50Z

Weaknesses
  • CWE-191

    Integer Underflow (Wrap or Wraparound)