PatchSiren cyber security CVE debrief
CVE-2026-62350 taosdata CVE debrief
A high-severity vulnerability was found in TDengine, a time-series database optimized for Internet of Things devices. The issue allows a user with create udf privilege to upload a crafted shared library and install it as a user-defined function, enabling execution of arbitrary C code on the TDengine server side through database queries. This issue is fixed in version 3.4.1.15. The vulnerability could allow for arbitrary code execution on the server side, potentially leading to a compromise of the TDengine server. Users with create udf privileges are at risk, and defenders should review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
- Vendor
- taosdata
- Product
- TDengine
- CVSS
- HIGH 7.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-15
- Original CVE updated
- 2026-07-18
- Advisory published
- 2026-07-15
- Advisory updated
- 2026-07-18
Who should care
Users of TDengine versions prior to 3.4.1.15 should be concerned about this vulnerability, especially those with create udf privileges. The vulnerability could allow for arbitrary code execution on the server side, potentially leading to a compromise of the TDengine server. Operators, platform administrators, vulnerability management teams, and security teams should review the affected scope and severity to determine the necessary actions to mitigate the risk.
Technical summary
TDengine, an open-source time-series database for IoT devices, had a vulnerability prior to version 3.4.1.15. A user with create udf (user-defined function) privilege could upload a crafted shared library and install it as a UDF, such as 'eval', allowing execution of arbitrary C code on the TDengine server through database queries. This vulnerability could be exploited by a user with create udf privileges, potentially leading to arbitrary code execution on the server side. The vulnerability is addressed in version 3.4.1.15, and users should update to this version or later to mitigate the risk.
Defensive priority
High priority should be given to updating TDengine to version 3.4.1.15 or later, especially for users with create udf privileges. Monitoring for unusual UDF installations and restricting UDF creation to necessary users can help mitigate the risk. Defenders should also review compensating controls for exposed systems while remediation is scheduled and verified.
Recommended defensive actions
- Update TDengine to version 3.4.1.15 or later
- Restrict UDF creation to necessary users
- Monitor for unusual UDF installations
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
Evidence notes
The CVE record was published on 2026-07-15T19:18:37.810Z and was last modified on 2026-07-18T02:17:10.390Z. The NVD entry is currently Deferred. There is limited information available about the specific details of this vulnerability, and defenders should verify the affected scope and severity with the vendor. The CVE record provides a link to the official CVE record and the NVD detail page for further information.
Official resources
-
CVE-2026-62350 CVE record
CVE.org
-
CVE-2026-62350 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-15T19:18:37.810Z and has not been modified since then. The NVD entry is currently Deferred.