Skip to main content

EMQX CVE-2026-8741

| EUVD-2026-30692 LOW
Race Condition (CWE-362)
2026-05-17 VulDB GHSA-48p2-hcwr-rx4q
Information Disclosure Race Condition
1.3
CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
CVSS changed
May 17, 2026 - 09:22 NVD
3.1 (LOW) 1.3 (LOW)
Analysis Generated
May 17, 2026 - 09:15 vuln.today

DescriptionNVD

A vulnerability has been found in EMQX up to 6.2.0. This affects an unknown function of the file apps/emqx/src/emqx_persistent_session_ds.erl of the component QoS 2 PUBLISH Packet Handler. Such manipulation leads to race condition. The attack may be performed from remote. A high complexity level is associated with this attack. The exploitability is reported as difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure.

AnalysisAI

Race condition in EMQX MQTT broker versions up to 6.2.0 allows authenticated remote attackers to cause limited availability impact through malformed QoS 2 PUBLISH packet handling in persistent sessions. The vulnerability exploits timing windows in the emqx_persistent_session_ds.erl module, though successful exploitation is marked as difficult with high attack complexity. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-8741 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy