Browse all 4 CVE security advisories affecting oxia-db. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Oxia-db serves as a distributed database management system designed for handling time-series data in industrial IoT environments. Historically, it has been susceptible to multiple remote code execution vulnerabilities due to insufficient input validation in API endpoints, as well as cross-site scripting flaws through improper sanitization of user-supplied data. Privilege escalation issues have also been documented, stemming from weak access control mechanisms. The four publicly disclosed CVEs highlight consistent patterns of insecure deserialization and inadequate authentication controls. While no major security incidents have been widely reported, the accumulation of multiple RCE and XSS vulnerabilities suggests ongoing challenges in secure coding practices and input handling within the platform's architecture.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-40946 | Oxia: OIDC token audience validation bypass via SkipClientIDCheck — oxia (CWE-287) | 9.1 (AI) | Critical (AI) | 2026-04-21 |
| CVE-2026-40945 | Oxia: Bearer token exposed in debug log messages on authentication failure — oxia (CWE-532) | 7.5 (AI) | High (AI) | 2026-04-21 |
| CVE-2026-40944 | Oxia: TLS CA certificate chain validation fails with multi-certificate PEM bundles — oxia (CWE-295) | 7.5 (AI) | High (AI) | 2026-04-21 |
| CVE-2026-40943 | Oxia: Server crash via race condition in session heartbeat handling — oxia (CWE-362) | 5.9 (AI) | Medium (AI) | 2026-04-21 |
This page lists every published CVE security advisory associated with oxia-db. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.