CVE-2026-42542

Published: Jun 10, 2026Modified: Jun 12, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: security-advisories@github.com (Secondary)

Description

TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the taosd server process by sending a single crafted RPC packet. No credentials or prior session state are required. Version 3.4.1.6 fixes the issue.

Affected (1)

Products: Tdengine: Tdengine

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Tdengine Tdengine	From 3.4.0.0 to 3.4.1.6

Related CWEs

Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

References (2)

https://github.com/taosdata/TDengine/releases/tag/ver-3.4.1.6

Source: security-advisories@github.com

ProductRelease Notes

https://github.com/taosdata/TDengine/security/advisories/GHSA-vg95-j2hf-hvjx

Source: security-advisories@github.com

ExploitMitigationVendor Advisory

Timeline

No history available yet.