Skip to main content

Emqx

2 CVEs product

Monthly

CVE-2026-8741 LOW POC Monitor

Race condition in EMQX MQTT broker versions up to 6.2.0 allows authenticated remote attackers to cause limited availability impact through malformed QoS 2 PUBLISH packet handling in persistent sessions. The vulnerability exploits timing windows in the emqx_persistent_session_ds.erl module, though successful exploitation is marked as difficult with high attack complexity. A proof-of-concept exploit is publicly available on GitHub (Pathfind-tama/Report_EMQX_MQTT), demonstrating QoS 2 message duplication attacks. CVSS 3.1, exploitability requires low-privilege authentication and precise timing, limiting real-world risk despite public POC.

Race Condition Information Disclosure Emqx
NVD VulDB GitHub
CVSS 4.0
1.3
EPSS
0.0%
CVE-2023-37781 MEDIUM POC This Month

An issue in the emqx_sn plugin of EMQX v4.3.8 allows attackers to execute a directory traversal via uploading a crafted .txt file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Emqx
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
EPSS 0% CVSS 1.3
LOW POC Monitor

Race condition in EMQX MQTT broker versions up to 6.2.0 allows authenticated remote attackers to cause limited availability impact through malformed QoS 2 PUBLISH packet handling in persistent sessions. The vulnerability exploits timing windows in the emqx_persistent_session_ds.erl module, though successful exploitation is marked as difficult with high attack complexity. A proof-of-concept exploit is publicly available on GitHub (Pathfind-tama/Report_EMQX_MQTT), demonstrating QoS 2 message duplication attacks. CVSS 3.1, exploitability requires low-privilege authentication and precise timing, limiting real-world risk despite public POC.

Race Condition Information Disclosure Emqx
NVD VulDB GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

An issue in the emqx_sn plugin of EMQX v4.3.8 allows attackers to execute a directory traversal via uploading a crafted .txt file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Emqx
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy