CVE-2026-42542

Description

TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the taosd server process by sending a single crafted RPC packet. No credentials or prior session state are required. Version 3.4.1.6 fixes the issue.

PUBLISHED Reserved 2026-04-28 | Published 2026-06-10 | Updated 2026-06-10 | Assigner GitHub_M

Problem types

CWE-191: Integer Underflow (Wrap or Wraparound)

Product status

References

github.com/...engine/security/advisories/GHSA-vg95-j2hf-hvjx

github.com/taosdata/TDengine/releases/tag/ver-3.4.1.6

cve.org (CVE-2026-42542)

nvd.nist.gov (CVE-2026-42542)

Download JSON