Skip to main content

coreMQTT EUVD-2026-30581

| CVE-2026-8686 HIGH
Out-of-bounds Read (CWE-125)
2026-05-15 AMZN
Buffer Overflow Denial Of Service Information Disclosure
8.7
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Source Code Evidence Fetched
May 15, 2026 - 19:33 vuln.today
Analysis Generated
May 15, 2026 - 19:33 vuln.today
CVSS changed
May 15, 2026 - 19:22 NVD
7.5 (HIGH) 8.7 (HIGH)

DescriptionNVD

Missing bounds validation in the MQTT v5.0 property parser in coreMQTT before 5.0.1 allows an MQTT broker to cause a denial of service by sending a crafted packet.

To remediate this issue, users should upgrade to v5.0.1.

AnalysisAI

Denial of service vulnerability in coreMQTT versions before 5.0.1 allows remote MQTT brokers to crash client applications through malformed MQTT v5.0 property packets. The vulnerability stems from missing bounds validation in the property parser, enabling out-of-bounds read conditions (CWE-125). …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: Inventory all coreMQTT deployments and identify current versions in use. Within 7 days: Apply vendor-released patch to upgrade coreMQTT to version 5.0.1 or later across all affected systems; validate patch deployment in non-production environments first. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

EUVD-2026-30581 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy