PatchSiren cyber security CVE debrief
CVE-2026-42542 taosdata CVE debrief
CVE-2026-42542 is a HIGH severity vulnerability in TDengine, an open source time-series database optimized for Internet of Things devices. Versions 3.4.0.0 through 3.4.1.5 are vulnerable. An unauthenticated remote attacker can crash the taosd server process by sending a single crafted RPC packet. No credentials or prior session state are required. The issue is fixed in version 3.4.1.6.
- Vendor
- taosdata
- Product
- TDengine
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-10
- Original CVE updated
- 2026-06-12
- Advisory published
- 2026-06-10
- Advisory updated
- 2026-06-12
Who should care
Users of TDengine versions 3.4.0.0 through 3.4.1.5 should update to version 3.4.1.6 to prevent unauthenticated remote crashes of the taosd server process.
Technical summary
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. CWE-191. An unauthenticated remote attacker can crash the taosd server process by sending a single crafted RPC packet.
Defensive priority
HIGH
Recommended defensive actions
- Update TDengine to version 3.4.1.6 or later.
Evidence notes
CVE-2026-42542 was published on [cvePublishedAt] and modified on [cveModifiedAt].
Official resources
-
CVE-2026-42542 CVE record
CVE.org
-
CVE-2026-42542 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Product, Release Notes
-
Mitigation or vendor reference
[email protected] - Exploit, Mitigation, Vendor Advisory
TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the taosd server process by sending a single crafted RPC packet. No