Skip to main content

Flashmq

1 CVEs product

Monthly

CVE-2026-46411 MEDIUM This Month

Denial-of-service in FlashMQ MQTT broker prior to version 1.26.2 allows any authenticated (low-privilege) connected client to crash the entire broker process by deliberately exceeding the permitted write buffer over-commit threshold. The crash occurs because the resulting internal safeguard exception is raised in a C++ destructor code path during stack unwinding - a context where exceptions cannot be caught - forcing a call to std::terminate() and aborting the server. No public exploit has been identified at time of analysis, but exploitation requires only valid MQTT credentials, making this a realistic risk for any FlashMQ deployment with untrusted or semi-trusted client populations.

Information Disclosure Flashmq
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
EPSS 0% CVSS 6.5
MEDIUM This Month

Denial-of-service in FlashMQ MQTT broker prior to version 1.26.2 allows any authenticated (low-privilege) connected client to crash the entire broker process by deliberately exceeding the permitted write buffer over-commit threshold. The crash occurs because the resulting internal safeguard exception is raised in a C++ destructor code path during stack unwinding - a context where exceptions cannot be caught - forcing a call to std::terminate() and aborting the server. No public exploit has been identified at time of analysis, but exploitation requires only valid MQTT credentials, making this a realistic risk for any FlashMQ deployment with untrusted or semi-trusted client populations.

Information Disclosure Flashmq
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy