
77 matches found

Positive Technologies
added 2026/05/18 12:0 a.m. | 6 views

PT-2026-41677

In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 2024-02-18, the broker mishandles protocol violations during CONNECT packet parsing. When receiving a CONNECT packet with a zero-length Client ID while CleanSession is set to 0, the broker correctly replies with a CONNACK return code 0x0...

5.9 AI score | 0.00067 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2026/05/11 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2019-19307

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow in parsemqtt in mongoose.c in Cesanta Mongoose 6.16 allows an attacker to achieve remote DoS (infinite loop), or possibly cause an out-of-boun...

9.8 CVSS | 6 AI score | 0.02961 EPSS
Exploits: 1 | References: 2

Fedora
added 2026/04/25 1:55 a.m. | 1 views

[SECURITY] Fedora 44 Update: qt6-qtmqtt-6.10.3-1.fc44

MQTT is a machine-to-machine (M2M) protocol utilizing the publish-and-subscribe paradigm, and provides a channel with minimal communication overhead. The Qt MQTT module provides a standard compliant implementation of the MQTT protocol specification. It enables applications to act as telemetry...

5.4 AI score
Exploits: 0

Japan Vulnerability Notes
added 2026/04/24 8:56 a.m. | 0 views

Apache ActiveMQ series improper validation of MQTT packets [AMQ-9810]

Overview: Apache ActiveMQ series provided by The Apache Software Foundation does not properly validate the remaining length field of MQTT packets, which may lead to integer overflow and misinterpretation of MQTT packets. Integer overflow or wraparound (CWE-190) - CVE-2025-66168, CVE-2026-40046 Gai...

8.8 CVSS | 5.4 AI score | 0.00076 EPSS
Exploits: 0 | References: 8

UbuntuCve
added 2026/04/09 5:16 p.m. | 0 views

CVE-2026-40046

Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT. The fix for "CVE-2025-66168: MQTT control packet remaining length field is not properly validated" was only applied to 5.19.2 and future 5.19.x releases but was missed for all 6.0.0+...

7.5 CVSS | 5.8 AI score | 0.00054 EPSS
Exploits: 0 | References: 4

Vulnrichment
added 2026/04/09 3:58 p.m. | 1 views

CVE-2026-40046 Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT: Missing fix for CVE-2025-66168: MQTT control packet remaining length field is not properly validated

Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT. The fix for "CVE-2025-66168: MQTT control packet remaining length field is not properly validated" was only applied to 5.19.2 and future 5.19.x releases but was missed for all 6.0.0+...

5.8 AI score | 0.00054 EPSS
Exploits: 0 | References: 3

ATTACKERKB
added 2026/04/09 3:58 p.m. | 8 views

CVE-2026-40046

Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT. The fix for "CVE-2025-66168: MQTT control packet remaining length field is not properly validated" was only applied to 5.19.2 and future 5.19.x releases but was missed for all 6.0.0+...

8.8 CVSS | 5.8 AI score | 0.00076 EPSS
Exploits: 0 | References: 4 | Affected Software: 3

Vulnrichment
added 2026/03/25 7:43 p.m. | 1 views

CVE-2026-33217 NATS allows MQTT clients to bypass ACL checks

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using ACLs on message subjects, these ACLs were not applied in the $MQTT. namespace, allowing MQTT clients to bypass ACL checks for MQTT subjects. Versions...

7.1 CVSS | 5.8 AI score | 0.00036 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2026/03/05 12:0 a.m. | 2 views

Apache ActiveMQ < 5.19.2 / 6.0.x < 6.1.9 / 6.2.0 MQTT Control Packet Validation Vulnerability (CVE-2025-66168)

The version of Apache ActiveMQ running on the remote host is prior to 5.19.2, 6.0.x prior to 6.1.9, or 6.2.0. It is, therefore, affected by a vulnerability: - Apache ActiveMQ does not properly validate the remaining length field in MQTT control packets which may lead to an integer overflow during...

8.8 CVSS | 6.2 AI score | 0.00076 EPSS
Exploits: 0 | References: 2

Debian CVE
added 2026/03/04 8:45 a.m. | 2 views

CVE-2025-66168

WARNING: Users of 6.x should upgrade to 6.2.4 or later as the fix was missed in previous 6.x releases. See the following for more details: https://activemq.apache.org/security-advisories.data/CVE-2026-40046-announcement.txt https://vulners.com/cve/CVE-2026-40046 Original Report: Apache ActiveMQ...

8.8 CVSS | 5.7 AI score | 0.00076 EPSS
Exploits: 0

Positive Technologies
added 2026/03/04 12:0 a.m. | 3 views

PT-2026-22886

Name of the Vulnerable Software and Affected Versions:
- Apache ActiveMQ versions prior to 5.19.2
- Apache ActiveMQ versions 6.0.0 through 6.1.8
- Apache ActiveMQ version 6.2.0
Description: Apache ActiveMQ does not properly validate the remaining length field, potentially leading to an integer overflow...

8.8 CVSS | 6 AI score | 0.00076 EPSS
Exploits: 0 | References: 40

Packet Storm News
added 2026/01/19 12:0 a.m. | 2 views

Quantum Encryption Resilience Score (QERS) for MQTT, HTTP, and HTTPS under Post-Quantum Cryptography in Computer, IoT, and IIoT Systems

Post-quantum cryptography (PQC) introduces significant computational and communication overhead, which poses challenges for resource-constrained computer systems, Internet of Things (IoT), and Industrial IoT (IIoT) devices. This paper presents an experimental evaluation of the Quantum Encryption...

5.5 AI score
Exploits: 0

Hacker One
added 2026/01/01 9:51 p.m. | 9 views

curl: MQTT Protocol Violation & Integer Overflow in libcurl

Executive Summary
Vulnerability Type: CWE-190
Component: lib/mqtt.c
Function: mqttdecodelen
Affected Architectures:
- All architectures: Protocol non-compliance leading to stream desynchronization
- 32-bit architectures: Deterministic integer overflow in length decoding
libcurl does not correctly...

7.8 AI score
Exploits: 0

Github Security Blog
added 2025/12/02 9:30 a.m. | 5 views

Eclipse Paho Go MQTT may incorrectly encode strings if length exceeds 65535 bytes

In Eclipse Paho Go MQTT v3.1 library paho.mqtt.golang versions =1.5.0 UTF-8 encoded strings, passed into the library, may be incorrectly encoded if their length exceeds 65535 bytes. This may lead to unexpected content in packets sent to the server for example, part of an MQTT topic may leak into...

6.3 CVSS | 6.8 AI score | 0.00042 EPSS
Exploits: 0 | References: 6 | Affected Software: 1

NVD
added 2025/11/29 3:15 a.m. | 2 views

CVE-2025-66217

AIS-catcher is a multi-platform AIS receiver. Prior to version 0.64, an integer underflow vulnerability exists in the MQTT parsing logic of AIS-catcher. This vulnerability allows an attacker to trigger a massive Heap Buffer Overflow by sending a malformed MQTT packet with a manipulated Topic Leng...

8.8 CVSS | 0.00758 EPSS
Exploits: 1 | References: 2

CNNVD
added 2025/11/06 12:0 a.m. | 4 views

MQTT Security Vulnerability

MQTT (Message Queuing Telemetry Transport) is an ISO standard (ISO/IEC PRF 20922) publishing/subscribing paradigm-based messaging protocol that operates on the TCP/IP family of protocols and is designed for use in situations where hardware performance is low on remote devices and network conditions a...

7.4 CVSS | 6.4 AI score | 0.00048 EPSS
Exploits: 0 | References: 3

NVD
added 2025/10/29 5:15 p.m. | 1 views

CVE-2025-56558

The Dyson MQTT server 2022 and possibly later allows publications and subscriptions by a client that has the correct values of AWSACCESSKEYID, AWSSECRETACCESSKEY, AWSSESSIONTOKEN, and device serial number, even if a device such as a Pure Hot+Cool device has been removed and is not visible in the...

3 CVSS | 0.00017 EPSS
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2020-6060

Malware in sbrugna...

7.5 CVSS | 7.6 AI score | 0.00601 EPSS
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2020-19735

Malware in sbrugna...

9 CVSS | 8.6 AI score | 0.00389 EPSS
Exploits: 0 | References: 2

Packet Storm News
added 2025/10/03 12:0 a.m. | 3 views

A Quantum-Secure Voting Framework Using QKD, Dual-Key Symmetric Encryption, and Verifiable Receipts

Electronic voting systems face growing risks from cyberattacks and data breaches, which are expected to intensify with the advent of quantum computing. To address these challenges, we introduce a quantum-secure voting framework that integrates Quantum Key Distribution (QKD), Dual-Key Symmetric...

6.9 AI score
Exploits: 0