CVE-2026-44838

RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrators can create patterns such as ^clientid-sensors$ to restrict user access to topics that include...

CVE-2026-49186

The local MQTT broker does not enforce topic-level Access Control Lists ACLs. This allows any client to subscribe using wildcard characters or + to enumerate hidden network devices or publish rogue control commands...

EUVD-2026-34200

The local MQTT broker does not enforce topic-level Access Control Lists ACLs. This allows any client to subscribe using wildcard characters or + to enumerate hidden network devices or publish rogue control commands...

Acer Predator Connect W6x 安全漏洞

The Acer Predator Connect W6x is a series of high-performance Wi-Fi 6/6E gaming routers produced by Acer of Taiwan, China. The Acer Predator Connect W6x has a security vulnerability, which stems from improper access control in the MQTT proxy, allowing wildcard topic subscriptions, thereby exposin...

DEBIAN-CVE-2026-44248

Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the MQTT 5 header Properties section is parsed and buffered before any message size limit is applied. Specifically, in MqttDecoder, the decodeVariableHeader method is called before the...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of size limits applied to the Properties section during the decoding process. An attacker can cause excessive CPU and memory consumption by sending MQTT messages with...

curl: MQTT state machine confusion: PINGRESP/DISCONNECT with non-zero remaining_length dispatches to stale nextstate

Summary: In lib/mqtt.c, the state machine in mqttdoing lines 894-911 in curl 8.20.0 does not validate that PINGRESP 0xD0 and DISCONNECT 0xE0 packets have remaininglength == 0 as required by MQTT 3.1.1 spec sections 3.13.1 and 3.14.1. A malicious broker can send a PINGRESP fixed header with non-ze...

CVE-2026-32696

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.httpauth HTTP authentication, when a client connects to the broker using MQTT CONNECT without providing username/password, and the configuration params uses the placeholders %u / %P...

GO-2026-4834 NATS allows MQTT clients to bypass ACL checks in github.com/nats-io/nats-server

NATS allows MQTT clients to bypass ACL checks in github.com/nats-io/nats-server...

Credential Exposure

Overview github.com/nats-io/nats-server/v2/server is an A simple, secure and performant communications system for digital systems, services and devices. Affected versions of this package are vulnerable to Credential Exposure through the MQTT authentication processing in...

EUVD-2025-208266

Apache ActiveMQ does not properly validate the remaining length field which may lead to an overflow during the decoding of malformed packets. When this integer overflow occurs, ActiveMQ may incorrectly compute the total Remaining Length and subsequently misinterpret the payload as multiple MQTT...

Man-In-The-Middle (MITM) Attack

MQTT is vulnerable to a Man-in-the-Middle MITM attack. The vulnerability is due to missing hostname verification by default, which allows an attacker to intercept and manipulate communication between clients and servers...

CVE-2025-66217 AIS-catcher Integer Underflow in MQTT Packet Parsing leading to Heap Buffer Overflow

AIS-catcher is a multi-platform AIS receiver. Prior to version 0.64, an integer underflow vulnerability exists in the MQTT parsing logic of AIS-catcher. This vulnerability allows an attacker to trigger a massive Heap Buffer Overflow by sending a malformed MQTT packet with a manipulated Topic Leng...

GHSA-9C5Q-W6GR-FXCQ MQTT does not validate hostnames

A flaw was found in Rubygem MQTT. By default, the package used to not have hostname validation, resulting in possible Man-in-the-Middle MITM attack...

Dyson App 安全漏洞

Dyson App is a mobile application for remote control of smart devices from Dyson Singapore. A security vulnerability exists in Dyson App versions v6.1.23041 through 23595, which originates from an unauthenticated attacker being able to remotely control another user's Dyson IoT device via MQTT...

EUVD-2025-32583

Components of the YoSmart YoLink ecosystem through 2025-10-02 leverage unencrypted MQTT to communicate over the internet. An attacker with the ability to monitor network traffic could therefore obtain sensitive information or tamper with the traffic to control affected devices. This affects YoLin...

CVE-2025-58581 Information Disclosure Through Stacktrace-/MQTT/Config/changeAll

When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal information. An attacker can thus obtain information about the technology used and the structure of the application...

CVE-2025-9161

A security issue exists within FactoryTalk Optix MQTT broker due to the lack of URI sanitization. This flaw enables the loading of remote Mosquito plugins, which can be used to achieve remote code execution...

CVE-2025-55443

Affected product: Telpo MDM Android, versions 1.4.6–1.4.9. Vulnerability: Sensitive administrator credentials and MQTT server connection details are stored in plaintext in log files on external storage, enabling access to the MDM web platform to perform administrative operations and to the MQTT s...

Sungrow iSolarCloud 安全漏洞

Sungrow iSolarCloud Sunshine Cloud is a software for monitoring and managing PV power plants from China's Sunny Power Sungrow. A security vulnerability exists in Sungrow iSolarCloud, which stems from an under-restricted MQTT service that could result in subscribing to arbitrary topics and...