CVE-2026-42542
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk37th percentile - higher than 37% of all known CVEs
Summary
In TDengine versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the taosd server process by sending a single crafted RPC packet. The issue is fixed in version 3.4.1.6.
Risk Assessment
An attacker can remotely crash the database server, leading to downtime for applications relying on this database.
Recommendation
It is recommended to upgrade to version 3.4.1.6 or later to secure the system against this vulnerability.
Original NVD description (English source)
TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the taosd server process by sending a single crafted RPC packet. No credentials or prior session state are required. Version 3.4.1.6 fixes the issue.

