Lucene search
K

1673 matches found

redhatcve
redhatcve
added 12 hours ago2 views

CVE-2026-58208

A flaw was found in NATS Server. An unauthenticated client with access to the WebSocket listener could exploit a vulnerability where requests for the MQTT-over-WebSocket path were incorrectly routed into MQTT handling, even when MQTT was not configured. This allowed the client to access...

7.5CVSS6AI score0.00593EPSS
Exploits0References8
cvelist
cvelist
added 3 days ago33 views

CVE-2026-15318 Sipeed PicoClaw MQTT Channel mqtt.go authorization

A weakness has been identified in Sipeed PicoClaw up to 0.2.9. Affected by this issue is some unknown functionality of the file pkg/channels/mqtt/mqtt.go of the component MQTT Channel Handler. This manipulation of the argument clientid causes incorrect authorization. The attack is possible to be...

6.5CVSS0.00214EPSS
Exploits0References6
cve
cve
added 3 days ago7 views

CVE-2026-15318

CVE-2026-15318 affects Sipeed PicoClaw up to version 0.2.9. The vulnerability lies in the MQTT Channel Handler, specifically in the file pkg/channels/mqtt/mqtt.go, where manipulation of the client_id argument leads to incorrect authorization. The issue can be exploited remotely, and public exploi...

6.5CVSS6.2AI score0.00214EPSS
Exploits0References6
nvd
nvd
added 5 days ago7 views

CVE-2026-58208

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a WebSocket listener could route requests for the MQTT-over-WebSocket path into MQTT handling even when MQTT was not configured, allowing an unauthenticated client with...

7.5CVSS0.00593EPSS
Exploits0References5
cve
cve
added 5 days ago8 views

CVE-2026-58208

CVE-2026-58208 affects NATS Server. A WebSocket listener could route requests for the MQTT-over-WebSocket path into MQTT handling even when MQTT was not configured, allowing an unauthenticated client with WebSocket access to reach an uninitialized MQTT state and crash the server process. This iss...

7.5CVSS6AI score0.00593EPSS
Exploits0References5Affected Software1
cvelist
cvelist
added 5 days ago34 views

CVE-2026-58208 NATS Server: MQTT-over-WebSocket Path Can Crash WebSocket-Only JetStream Servers Before MQTT Is Enabled

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, a WebSocket listener could route requests for the MQTT-over-WebSocket path into MQTT handling even when MQTT was not configured, allowing an unauthenticated client with...

6.8CVSS0.00593EPSS
Exploits0References5
nvd
nvd
added 5 days ago6 views

CVE-2026-58214

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an authenticated MQTT client could subscribe to the internal $MQTT.deliver.pubrel subject family, bypassing configured subscribe permissions and exposing MQTT QoS2 protoc...

4.3CVSS0.00367EPSS
Exploits0References5
cve
cve
added 5 days ago12 views

CVE-2026-58209

NATS Server before versions 2.14.3 and 2.12.12 could deliver MQTT retained messages and QoS1+ durable replays to subscribers whose topics matched a deny rule, because delivery paths did not consistently re-check the original topic before sending MQTT PUBLISH. This issue is fixed in 2.14.3 and 2.1...

4.3CVSS6AI score0.00342EPSS
Exploits0References5Affected Software1
cvelist
cvelist
added 5 days ago35 views

CVE-2026-58209 NATS Server: MQTT retained and QoS replay bypass subscribe deny filters

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, MQTT retained message delivery and QoS1+ durable replay could deliver messages whose original topics matched a subscriber configured subscribe deny rule because these...

4.3CVSS0.00342EPSS
Exploits0References5
cvelist
cvelist
added 5 days ago40 views

CVE-2026-58214 NATS Server: MQTT subscribe ACL bypass via $MQTT.deliver.pubrel prefix (incomplete fix for CVE-2026-33217)

NATS Server is a high-performance server for NATS.io, the cloud and edge native messaging system. Prior to 2.14.3 and 2.12.12, an authenticated MQTT client could subscribe to the internal $MQTT.deliver.pubrel subject family, bypassing configured subscribe permissions and exposing MQTT QoS2 protoc...

4.3CVSS0.00367EPSS
Exploits0References5
cve
cve
added 5 days ago13 views

CVE-2026-58214

CVE-2026-58214 – NATS Server (MQTT subscribe ACL bypass) Prior to version 2.14.3 and 2.12.12, an authenticated MQTT client could subscribe to the internal $MQTT.deliver.pubrel subject family, bypassing configured subscribe permissions and exposing MQTT QoS2 protocol metadata for sessions in the a...

4.3CVSS5.9AI score0.00367EPSS
Exploits0References5Affected Software1
cve
cve
added 5 days ago14 views

CVE-2026-58213

NATS Server (nats-server) before versions 2.14.1 and 2.12.9 is vulnerable: an MQTT client can include protocol control characters in subscription filters, which are later forwarded as NATS protocol data to route or leafnode connections. This corrupts the forwarded protocol stream and allows injec...

7.1CVSS6AI score0.00439EPSS
Exploits0References8Affected Software1
ptsecurity
ptsecurity
added 5 days ago6 views

PT-2026-56560

Name of the Vulnerable Software and Affected Versions NATS Server versions prior to 2.14.3 NATS Server versions prior to 2.12.12 Description An unauthenticated MQTT client can cause the server to consume excessive memory by sending large incomplete MQTT CONNECT packets. The server retains these...

7.5CVSS5.9AI score0.00732EPSS
Exploits0References7
euvd
euvd
added 2026/06/28 11:15 a.m.10 views

EUVD-2026-39991

A vulnerability was detected in 78 xiaozhi-esp32 up to 2.2.6. This vulnerability affects the function Application::GetInstance of the file main/protocols/mqttprotocol.cc of the component MQTT Goodbye Handler. Performing a manipulation of the argument sessionid results in denial of service. The...

6.3CVSS5AI score0.00411EPSS
Exploits0References8
cve
cve
added 2026/06/28 11:15 a.m.16 views

CVE-2026-13491

The CVE-2026-13491 entry concerns 78 xiaozhi-esp32 (up to version 2.2.6) and identifies a vulnerability in the MQTT Goodbye Handler. The issue lies in Application::GetInstance within main/protocols/mqtt_protocol.cc, where manipulating the session_id argument can trigger a denial of service. The a...

6.3CVSS5AI score0.00411EPSS
Exploits0References8
attackerkb
attackerkb
added 2026/06/28 11:15 a.m.9 views

CVE-2026-13491

A vulnerability was detected in 78 xiaozhi-esp32 up to 2.2.6. This vulnerability affects the function Application::GetInstance of the file main/protocols/mqttprotocol.cc of the component MQTT Goodbye Handler. Performing a manipulation of the argument sessionid results in denial of service. The...

6.3CVSS4.9AI score0.00411EPSS
Exploits0References8Affected Software1
cvelist
cvelist
added 2026/06/28 11:15 a.m.31 views

CVE-2026-13491 78 xiaozhi-esp32 MQTT Goodbye mqtt_protocol.cc GetInstance denial of service

A vulnerability was detected in 78 xiaozhi-esp32 up to 2.2.6. This vulnerability affects the function Application::GetInstance of the file main/protocols/mqttprotocol.cc of the component MQTT Goodbye Handler. Performing a manipulation of the argument sessionid results in denial of service. The...

6.3CVSS0.00411EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2026/06/28 12:0 a.m.16 views

PT-2026-53104

Name of the Vulnerable Software and Affected Versions xiaozhi-esp32 versions prior to 2.2.7 Description A remote denial of service can be triggered through the manipulation of the session id argument. This issue resides within the Application::GetInstance function located in the main/protocols/mq...

6.3CVSS5.7AI score0.00411EPSS
Exploits0References13
osv
osv
added 2026/06/23 5:6 p.m.23 views

ROOT-APP-MAVEN-CVE-2025-66168 CVE-2025-66168 in io.root.org.apache.activemq:activemq-mqtt - Patched by Root

Root has patched CVE-2025-66168 in the io.root.org.apache.activemq:activemq-mqtt package for Root:Maven. Multiple fixed versions available...

8.8CVSS5.8AI score0.0078EPSS
Exploits0
osv
osv
added 2026/06/18 1:53 p.m.4 views

ROOT-APP-GOBINARY-CVE-2025-10543 CVE-2025-10543 in rootio-github.com/eclipse/paho.mqtt.golang - Patched by Root

Root has patched CVE-2025-10543 in the rootio-github.com/eclipse/paho.mqtt.golang package for Root:Go. Multiple fixed versions available...

5.3CVSS5.8AI score0.00197EPSS
Exploits0
Rows per page
Query Builder