CVE Catalog

CVE-2026-42542

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.16%

37th percentile - higher than 37% of all known CVEs

Summary

In TDengine versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the taosd server process by sending a single crafted RPC packet. The issue is fixed in version 3.4.1.6.

Risk Assessment

An attacker can remotely crash the database server, leading to downtime for applications relying on this database.

Recommendation

It is recommended to upgrade to version 3.4.1.6 or later to secure the system against this vulnerability.

Original NVD description (English source)

TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the taosd server process by sending a single crafted RPC packet. No credentials or prior session state are required. Version 3.4.1.6 fixes the issue.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS