15 matches found

EUVD
added 2026/05/08 9:40 p.m. | 9 views

EUVD-2026-28838

FlashMQ is an MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.1, a remote client with retained publish permission can crash the FlashMQ broker when both set_retained_message_defer_timeout and set_retained_message_defer_timeout_spread are configured to non-default values,...

CVSS 6.5 | AI score 5.8 | EPSS 0.00355
Exploits 0 | References 4

Vulnrichment
added 2026/05/08 9:40 p.m. | 6 views

CVE-2026-42209 FlashMQ: Division by zero crash when using non-default deferred retained message setting

FlashMQ is an MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.1, a remote client with retained publish permission can crash the FlashMQ broker when both set_retained_message_defer_timeout and set_retained_message_defer_timeout_spread are configured to non-default values,...

CVSS 6.5 | AI score 5.8 | EPSS 0.00355
Exploits 0 | References 4

CVE
added 2026/05/08 9:40 p.m. | 14 views

CVE-2026-42209

Summary: CVE-2026-42209 affects FlashMQ, an MQTT broker/server for multi-CPU environments. Before v1.26.1, a remote client with retained publish permission can trigger a crash of the FlashMQ broker when both set_retained_message_defer_timeout and set_retained_message_defer_timeout_spread are non-d...

CVSS 6.5 | AI score 5.8 | EPSS 0.00355
Exploits 0 | References 4

CNNVD
added 2026/05/08 12:0 a.m. | 5 views

FlashMQ numeric error vulnerability

FlashMQ is a fast and lightweight MQTT proxy server developed by Wiebe Cazemier. Versions of FlashMQ prior to 1.26.1 contained a numerical error vulnerability. This vulnerability could cause the FlashMQ proxy to crash and lead to a denial-of-service attack when the set_retained_message_defer_timeout...

CVSS 6.5 | AI score 5.8 | EPSS 0.00355
Exploits 0 | References 1

Positive Technologies
added 2025/11/25 12:0 a.m. | 4 views

PT-2025-48097

Name of the Vulnerable Software and Affected Versions: NanoMQ versions prior to 0.22.5. Description: A Heap-Use-After-Free (UAF) vulnerability exists in the TCP transport component of NanoMQ, stemming from improper resource management and premature cleanup of message and pipe structures. This occurs...

CVSS 6 | AI score 6.6 | EPSS 0.00185
Exploits 0 | References 5

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2018-4506

Malware in sbrugna...

CVSS 6.5 | AI score 7 | EPSS 0.00817
Exploits 1 | References 4

SUSE CVE
added 2023/02/15 4:26 a.m. | 2 views

SUSE CVE-2018-12546

In Eclipse Mosquitto version 1.0 to 1.5.5 inclusive when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients...

CVSS 6.5 | AI score 7.1 | EPSS 0.00817
Exploits 1 | References 5

Prion
added 2019/03/27 6:29 p.m. | 18 views

Code injection

In Eclipse Mosquitto version 1.0 to 1.5.5 inclusive when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients...

CVSS 4 | AI score 6.5 | EPSS 0.00817
Exploits 1 | References 1 | Affected Software 1

OSV
added 2019/03/27 6:29 p.m. | 1 views

UBUNTU-CVE-2018-12546

In Eclipse Mosquitto version 1.0 to 1.5.5 inclusive when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients...

CVSS 6.5 | AI score 7.2 | EPSS 0.00817
Exploits 1 | References 4

OSV
added 2019/03/27 6:29 p.m. | 3 views

DEBIAN-CVE-2018-12546

In Eclipse Mosquitto version 1.0 to 1.5.5 inclusive when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients...

CVSS 6.5 | AI score 7 | EPSS 0.00817
Exploits 1 | References 1

OSV
added 2019/03/27 6:29 p.m. | 4 views

ALPINE-CVE-2018-12546

In Eclipse Mosquitto version 1.0 to 1.5.5 inclusive when a client publishes a retained message to a topic, then has its access to that topic revoked, the retained message will still be published to clients that subscribe to that topic in the future. In some applications this may result in clients...

CVSS 6.5 | AI score 6.9 | EPSS 0.00817
Exploits 1 | References 1

CVE
added 2019/03/27 5:26 p.m. | 160 views

CVE-2018-12546

The CVE describes a vulnerability in Eclipse Mosquitto where, for versions 1.0–1.5.5, a retained message published to a topic remains delivered to future subscribers after that client’s access to the topic is revoked, potentially enabling effects not allowed by normal access controls. This is a s...

CVSS 6.5 | AI score 6.4 | EPSS 0.00817
Exploits 1 | References 1 | Affected Software 1

Tenable Nessus
added 2019/01/03 12:0 a.m. | 23 views

Fedora 28 : mosquitto (2018-9a6af7815a)

Release 1.5.3

Security:
- Fix CVE-2018-12543. If a message is sent to Mosquitto with a topic that begins with $, but is not $SYS, then an assert that should be unreachable is triggered and Mosquitto will exit.

Broker:
- Elevate log level to warning for situation when socket limit is hit.
- Remo...

CVSS 7.5 | AI score 7.4 | EPSS 0.36013
Exploits 0 | References 2

Tenable Nessus
added 2019/01/03 12:0 a.m. | 25 views

Fedora 29 : mosquitto (2018-ff1fdf28aa)

Release 1.5.3

Security:
- Fix CVE-2018-12543. If a message is sent to Mosquitto with a topic that begins with $, but is not $SYS, then an assert that should be unreachable is triggered and Mosquitto will exit.

Broker:
- Elevate log level to warning for situation when socket limit is hit.
- Remo...

CVSS 7.5 | AI score 7.4 | EPSS 0.36013
Exploits 0 | References 2

Tenable Nessus
added 2018/10/23 12:0 a.m. | 24 views

Fedora 27 : mosquitto (2018-a115b0b80e)

Release 1.5.3

Security:
- Fix CVE-2018-12543. If a message is sent to Mosquitto with a topic that begins with $, but is not $SYS, then an assert that should be unreachable is triggered and Mosquitto will exit.

Broker:
- Elevate log level to warning for situation when socket limit is hit.
- Remo...

CVSS 7.5 | AI score 7.4 | EPSS 0.36013
Exploits 0 | References 2