BIT-RABBITMQ-2026-44838 RabbitMQ MQTT Topic Permission Authorization Bypass
RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrators can create patterns such as ^clientid-sensors$ to restrict user access to topics that include...
CVE-2026-44838
RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrators can create patterns such as ^clientid-sensors$ to restrict user access to topics that include...
CVE-2026-33009
EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to C++ undefined behaviour and potential memory corruption. This is triggered by an MQTT everestexternal/nodered/connector/cmd/switchthreephaseswhilecharging message and results in Charger::sharedcontext / internalcontext...
EUVD-2017-18778
Malware in sbrugna...
EUVD-2018-12263
Malware in sbrugna...
EUVD-2025-15995
Malicious code in bioql PyPI...
CVE-2025-27804
Several OS command injection vulnerabilities exist in the device firmware in the /var/salia/mqtt.php script. By publishing a specially crafted message to a certain MQTT topic, arbitrary OS commands can be executed with root permissions...
CVE-2023-1083
An unauthenticated remote attacker who is aware of an MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates...
CVE-2025-27804
CVE-2025-27804 affects eCharge Hardy Barth cPH2 and cPP2 charging stations. The vulnerability stems from multiple OS command injections in the device firmware, specifically via the /var/salia/mqtt.php script. When a specially crafted MQTT message is published to a certain topic, arbitrary OS comm...
PT-2025-22332
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: There are several OS command injection vulnerabilities in the device firmware, specifically in the /var/salia/mqtt.php script. By publishing a specially crafted message to a certain MQTT topic...
Welotec Industrial Routers Improper Access Control (CVE-2023-1083)
An unauthenticated remote attacker who is aware of an MQTT topic name can send and receive messages, including GET/SET configuration commands, reboot commands and firmware updates. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
F5 Networks BIG-IP : BIG-IP MQTT iRule vulnerability (K62830532)
When your system handles MQTT traffic through a BIG-IP virtual server associated with an MQTT profile, and an iRule performs manipulations on that traffic, TMM may produce a core file. CVE-2020-5935 Impact: The Traffic Management Microkernel (TMM) may generate a core file and restart, causing a high...
Debian DLA-1146-1 : mosquitto security update
mosquitto's persistence file mosquitto.db was created world-readable, allowing local users to obtain sensitive MQTT topic information. While the application has been fixed to set proper permissions by default, you still have to manually fix the permissions on any existing file. For...
[ASA-201707-16] mosquitto: information disclosure
Arch Linux Security Advisory ASA-201707-16. Severity: Medium. Date: 2017-07-16. CVE-ID: CVE-2017-9868. Package: mosquitto. Type: information disclosure. Remote: No. Link: https://security.archlinux.org/AVG-353. Summary: The package mosquitto before...
Information disclosure
In Mosquitto through 1.4.12, mosquitto.db aka the persistence file is world readable, which allows local users to obtain sensitive MQTT topic information...