Critical severity9.8NVD Advisory· Published Sep 2, 2022· Updated Jul 5, 2026
CVE-2022-36640
CVE-2022-36640
Description
influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's documentation states "If InfluxDB is being deployed on a publicly accessible endpoint, we strongly recommend authentication be enabled. Otherwise the data will be publicly available to any unauthenticated user. The default settings do NOT enable authentication and authorization."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3(expand)+ 1 more
- (no CPE)
- (no CPE)range: <1.8.10
Patches
Vulnerability mechanics
References
6- dl.influxdata.com/influxdb/releases/influxdb_1.8.10_amd64.debnvdPatchVendor Advisory
- portal.influxdata.com/downloads/nvdPatchProduct
- influxdata.comnvdProduct
- influxdb.comnvdProduct
- www.krsecu.com/CVE/409b5310045bd6b9a984a5fb63bd8786d5c5681a8ad5b1c815c84b2b90002ad7.docxnvdBroken Link
- www.influxdata.comnvdProduct
News mentions
0No linked articles in our index yet.