1045 matches found
CVE-2026-57216 RabbitMQ: AMQP 1.0, AMQP 0-9-1, Stream Protocol loopback enforcement can lead to remote guest sessions due to listener-address loopback checks
RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, AMQP 0-9-1, AMQP 1.0, and Stream Protocol authentication can allow a loopback-restricted user such as guest to connect remotely when traffic is accepted through a trusted PROXY-protocol path and the backend...
CVE-2026-15318
A weakness has been identified in Sipeed PicoClaw up to 0.2.9. Affected by this issue is some unknown functionality of the file pkg/channels/mqtt/mqtt.go of the component MQTT Channel Handler. This manipulation of the argument clientid causes incorrect authorization. The attack is possible to be...
PT-2026-56582
Name of the Vulnerable Software and Affected Versions NATS Server versions prior to 2.14.3 NATS Server versions prior to 2.12.12 Description A WebSocket listener may route requests for the MQTT-over-WebSocket path to MQTT handling processes even if MQTT is not configured. This allows an...
PYSEC-2026-1131 Apache Airflow Celery provider Insertion of Sensitive Information into Log File vulnerability
Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Sensitive information logged as clear text when rediss, amqp, rpc protocols are used as Celery result backend Note: the vulnerability is about the information exposed in the logs not...
[SECURITY] Fedora 44 Update: librabbitmq-0.16.0-1.fc44
This is a C-language AMQP client library for use with AMQP servers speaking protocol versions 0-9-1...
CVE-2026-44838
RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrators can create patterns such as ^clientid-sensors$ to restrict user access to topics that include...
EUVD-2026-34200
The local MQTT broker does not enforce topic-level Access Control Lists ACLs. This allows any client to subscribe using wildcard characters or + to enumerate hidden network devices or publish rogue control commands...
CVE-2026-49199 Predator Connect W6x: RCE via MQTT
Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device...
CVE-2026-44838 RabbitMQ MQTT Topic Permission Authorization Bypass
RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrators can create patterns such as ^clientid-sensors$ to restrict user access to topics that include...
Security Analysis of a Communication Protocol: MQTT
This paper analyzes the security of the Message Queuing Telemetry Transport MQTT protocol in the context of the Internet of Things IoT. The main objective consists of identifying vulnerabilities and proposing security improvements. Adopting a hybrid methodology, a theoretical review was combined...
CVE-2026-33838
Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally...
CVE-2026-34329
Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network...
DEBIAN-CVE-2026-44248
Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the MQTT 5 header Properties section is parsed and buffered before any message size limit is applied. Specifically, in MqttDecoder, the decodeVariableHeader method is called before the...
PT-2026-40614
Name of the Vulnerable Software and Affected Versions Devolutions Server versions 2026.1.21 and 2026.2.5 Microsoft Message Queuing versions prior to Windows Server 2025 Description Devolutions Server contains improper access control in PAM account discovery, which allows an authenticated user to...
EUVD-2026-29584
Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally...
EUVD-2026-29588
Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network...
CVE-2026-34329
Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network...
CVE-2026-33838
Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally...
CVE-2026-33838 Windows Message Queuing (MSMQ) Elevation of Privilege Vulnerability
...
CVE-2026-33838 Windows Message Queuing (MSMQ) Elevation of Privilege Vulnerability
...