6 matches found
CVE-2026-10142
A flaw was found in kafka-python. A malicious broker or a machine-in-the-middle attacker can exploit a denial-of-service vulnerability in the protocol parser. By sending a specially crafted 4-byte frame length value without proper bounds validation, an attacker can trigger excessive memory...
Code Injection
Apache ActiveMQ is vulnerable to Code Injection. The vulnerability is due to improper input validation and improper control of generation of code, where an attacker can construct a malicious broker name that bypasses name validation to include an xbean binding, and then use the DestinationView...
curl: MQTT CONNACK Packet Type Bypass leads to RCE via Malicious Broker
Summary: mqtt_verify_connack in lib/mqtt.c never checks that the received packet type is actually a CONNACK 0x20. The constant MQTT_MSG_CONNACK is commented out at line 45, making the check impossible to write. A malicious broker can send any packet — e.g. PUBACK 0x40 — with remaining_length=2 and...
CVE-2026-30867
CocoaMQTT prior to v2.2.2 is vulnerable to a Denial of Service via a malformed 4-byte PUBLISH payload with the RETAIN flag set. A malicious broker or attacker can cause a vulnerable iOS/macOS/tvOS client to crash when it subscribes to the affected topic, leading to a persistent DoS until the reta...
CVE-2023-45851
The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker without enforcing any server authentication. This issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI devi...
PT-2023-29847 · Unknown · Android Client
Name of the Vulnerable Software and Affected Versions: Android Client application (affected versions not specified). Description: The issue concerns the Android Client application's connection to an MQTT broker for exchanging messages and receiving commands. The protocol used for remote management o...