54 matches found
CVE-2026-54412
LiamBindle MQTT-C through version 1.1.6 contains a heap-based out-of-bounds read and integer underflow in the mqttunpackpublishresponse function in src/mqtt.c that allows a remote unauthenticated attacker controlling an MQTT broker - or able to inject MQTT traffic into an unencrypted session - to...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: smb: server: The use of smbdirectsocket.sendio.bcredits has been addressed. It turns out that our code would corrupt the stream of reassabled data transfer messages when we trigger an immediate empty send. To fix this issue, we...
curl: MQTT state machine confusion: PINGRESP/DISCONNECT with non-zero remaining_length dispatches to stale nextstate
Summary: In lib/mqtt.c, the state machine in mqttdoing lines 894-911 in curl 8.20.0 does not validate that PINGRESP 0xD0 and DISCONNECT 0xE0 packets have remaininglength == 0 as required by MQTT 3.1.1 spec sections 3.13.1 and 3.14.1. A malicious broker can send a PINGRESP fixed header with non-ze...
Apache ActiveMQ series improper validation of MQTT packets [AMQ-9810]
Overview Apache ActiveMQ series provided by The Apache Software Foundation does not properly validate the remaining length field of MQTT packets, which may lead to integer overflow and misinterpretation of MQTT packets. Integer overflow or wraparound CWE-190 - CVE-2025-66168, CVE-2026-40046 Gai...
BIT-ACTIVEMQ-2026-40046 Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT: Missing fix for CVE-2025-66168: MQTT control packet remaining length field is not properly validated
Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT. The fix for "CVE-2025-66168: MQTT control packet remaining length field is not properly validated" was only applied to 5.19.2 and future 5.19.x releases but was missed for all 6.0.0+...
NanoMQ Buffer Overflow Vulnerability (CNVD-2026-16831)
NanoMQ is a lightweight and fast MQTT Broker for IoT edge platforms. A buffer overflow vulnerability exists in NanoMQ versions prior to 0.24.8. The vulnerability stems from the MQTT-over-WebSocket transport failing to properly validate the receive buffer size when processing MQTT packets with...
Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT vulnerable to Integer Overflow or Wraparound
Integer Overflow or Wraparound vulnerability in Apache ActiveMQ, Apache ActiveMQ All, Apache ActiveMQ MQTT. The fix for "CVE-2025-66168: MQTT control packet remaining length field is not properly validated" was only applied to 5.19.2 and future 5.19.x releases but was missed for all 6.0.0+...
CVE-2026-40046
CVE-2026-40046 is an Integer Overflow/Wraparound vulnerability in Apache ActiveMQ and related modules (ActiveMQ, ActiveMQ All, ActiveMQ MQTT) caused by improper validation of the MQTT remaining length field. A fix intended for CVE-2025-66168 was applied only to 5.19.2+ but was missed for 6.0.0–6....
Apache ActiveMQ 输入验证错误漏洞
Apache ActiveMQ is an open-source messaging middleware developed by the Apache Foundation in the United States. It supports Java Message Service, clustering, Spring Framework, etc. There is a vulnerability in input validation of Apache ActiveMQ, which stems from improper validation of the remaini...
CVE-2026-25627
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. Prior to version 0.24.8, NanoMQ’s MQTT-over-WebSocket transport can be crashed by sending an MQTT packet with a deliberately large Remaining Length in the fixed header while providing a much shorter actual payload. The code path...
CVE-2026-25627
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. Prior to version 0.24.8, NanoMQ’s MQTT-over-WebSocket transport can be crashed by sending an MQTT packet with a deliberately large Remaining Length in the fixed header while providing a much shorter actual payload. The code path...
CVE-2026-25627
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. Prior to version 0.24.8, NanoMQ’s MQTT-over-WebSocket transport can be crashed by sending an MQTT packet with a deliberately large Remaining Length in the fixed header while providing a much shorter actual payload. The code path...
CVE-2026-25627 nanomq: OOB Read / Crash (DoS) via Malformed MQTT Remaining Length over WebSocket
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. Prior to version 0.24.8, NanoMQ’s MQTT-over-WebSocket transport can be crashed by sending an MQTT packet with a deliberately large Remaining Length in the fixed header while providing a much shorter actual payload. The code path...
CVE-2026-25627 nanomq: OOB Read / Crash (DoS) via Malformed MQTT Remaining Length over WebSocket
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. Prior to version 0.24.8, NanoMQ’s MQTT-over-WebSocket transport can be crashed by sending an MQTT packet with a deliberately large Remaining Length in the fixed header while providing a much shorter actual payload. The code path...
CVE-2026-25627 nanomq: OOB Read / Crash (DoS) via Malformed MQTT Remaining Length over WebSocket
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. Prior to version 0.24.8, NanoMQ’s MQTT-over-WebSocket transport can be crashed by sending an MQTT packet with a deliberately large Remaining Length in the fixed header while providing a much shorter actual payload. The code path...
CVE-2026-25627
CVE-2026-25627 affects NanoMQ (MQTT broker) where the MQTT-over-WebSocket transport could crash due to an out-of-bounds read when processing an MQTT packet with a deliberately large Remaining Length. The issue arises because the receive path copies Remaining Length bytes without ensuring the sock...
EUVD-2026-17195
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. Prior to version 0.24.8, NanoMQ’s MQTT-over-WebSocket transport can be crashed by sending an MQTT packet with a deliberately large Remaining Length in the fixed header while providing a much shorter actual payload. The code path...
PT-2026-29116
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. Prior to version 0.24.8, NanoMQ’s MQTT-over-WebSocket transport can be crashed by sending an MQTT packet with a deliberately large Remaining Length in the fixed header while providing a much shorter actual payload. The code path...
BIT-ACTIVEMQ-2025-66168 Apache ActiveMQ, Apache ActiveMQ All Module, Apache ActiveMQ MQTT Module: MQTT control packet remaining length field is not properly validated
WARNING: Users of 6.x should upgrade to 6.2.4 or later as the fix was missed in previous 6.x releases. See the following for more details: https://activemq.apache.org/security-advisories.data/CVE-2026-40046-announcement.txt https://vulners.com/cve/CVE-2026-40046 Original Report: Apache ActiveMQ...
Linux Distros Unpatched Vulnerability : CVE-2025-66168
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WARNING: Users of 6.x should upgrade to 6.2.4 or later as the fix was missed in previous 6.x releases. See the following for more details:...