19 matches found
CVE-2026-49186
The local MQTT broker does not enforce topic-level Access Control Lists ACLs. This allows any client to subscribe using wildcard characters or + to enumerate hidden network devices or publish rogue control commands...
CVE-2026-49198
Improper access control in the MQTT broker allows wildcard topic subscriptions, exposing all MQTT traffic to unauthorized actors...
CVE-2026-49186
The local MQTT broker does not enforce topic-level Access Control Lists ACLs. This allows any client to subscribe using wildcard characters or + to enumerate hidden network devices or publish rogue control commands...
CVE-2026-49186 Lack of MQTT Broker Topic Access Control Lists
The local MQTT broker does not enforce topic-level Access Control Lists ACLs. This allows any client to subscribe using wildcard characters or + to enumerate hidden network devices or publish rogue control commands...
EUVD-2026-34200
The local MQTT broker does not enforce topic-level Access Control Lists ACLs. This allows any client to subscribe using wildcard characters or + to enumerate hidden network devices or publish rogue control commands...
CVE-2026-49186
The local MQTT broker does not enforce topic-level Access Control Lists ACLs. This allows any client to subscribe using wildcard characters or + to enumerate hidden network devices or publish rogue control commands...
CVE-2026-49186
CVE-2026-49186 : The provided documents describe a vulnerability in a local MQTT broker where topic-level ACLs are not enforced. This allows any client to subscribe with wildcards (# or +) and enumerate hidden devices, or publish rogue control commands. The issue is rooted in missing access contr...
CVE-2026-49186 Lack of MQTT Broker Topic Access Control Lists
The local MQTT broker does not enforce topic-level Access Control Lists ACLs. This allows any client to subscribe using wildcard characters or + to enumerate hidden network devices or publish rogue control commands...
PT-2026-46141
The local MQTT broker does not enforce topic-level Access Control Lists ACLs. This allows any client to subscribe using wildcard characters or + to enumerate hidden network devices or publish rogue control commands...
Acer M6E 安全漏洞
The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from the lack of mandatory implementation of topic-level access control lists by the local MQTT Broker. As a result, any client that...
CVE-2026-49198
Improper access control in the MQTT broker allows wildcard topic subscriptions, exposing all MQTT traffic to unauthorized actors...
CVE-2026-49198
Improper access control in the MQTT broker allows wildcard topic subscriptions, exposing all MQTT traffic to unauthorized actors...
CVE-2026-49198 Predator Connect W6x: MQTT Broker Access Control
Improper access control in the MQTT broker allows wildcard topic subscriptions, exposing all MQTT traffic to unauthorized actors...
CVE-2026-49198 Predator Connect W6x: MQTT Broker Access Control
Improper access control in the MQTT broker allows wildcard topic subscriptions, exposing all MQTT traffic to unauthorized actors...
EUVD-2026-33266
Improper access control in the MQTT broker allows wildcard topic subscriptions, exposing all MQTT traffic to unauthorized actors...
Acer Predator Connect W6x 安全漏洞
The Acer Predator Connect W6x is a series of high-performance Wi-Fi 6/6E gaming routers produced by Acer of Taiwan, China. The Acer Predator Connect W6x has a security vulnerability, which stems from improper access control in the MQTT proxy, allowing wildcard topic subscriptions, thereby exposin...
PT-2026-44768
Improper access control in the MQTT broker allows wildcard topic subscriptions, exposing all MQTT traffic to unauthorized actors...
PT-2025-4000 · New Rock Technologies · Mx8G Voip Gateway +2
Name of the Vulnerable Software and Affected Versions: Affected products affected versions not specified Description: The Cloud MQTT service of the affected products supports wildcard topic subscription, which could allow an attacker to obtain sensitive information from tapping the service...
PT-2024-11549 · Unknown · Nats Server +1
Name of the Vulnerable Software and Affected Versions: NATS Server versions prior to 2.8.2 NATS Streaming Server versions prior to 0.24.6 Description: The issue is caused by the failure to enforce negative user permissions in one scenario, allowing a remote attacker to bypass security restriction...