VYPR
Vendor: Emqx

Products: 6
CVEs: 42
Across products: 43
Status: Private

Recent CVEs: 42
  • CVE-2026-33356 | High | May 11, 2026
    risk 0.50 | cvss 7.7 | epss 0.00

    In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authenticated low-privilege account can subscribe to global wildcard topics and receive telemetry from devices the user does not own. The broker enforces publish restrictions but does not enforce equivalent…

  • CVE-2024-48077 | High | Jan 15, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    NanoMQ v0.22.7 is vulnerable to Denial of Service (DoS) due to improper resource throttling. A crafted sequence of requests causes the recv-q queue to saturate, leading to the rapid exhaustion of system file descriptors (FDs). This exhaustion triggers a process crash, rendering…

  • CVE-2026-32135 | High | Apr 20, 2026
    risk 0.42 | cvss 7.5 | epss 0.01

    NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Versions prior to 0.24.11 have a remotely triggerable heap buffer overflow in the `uri_param_parse` function of NanoMQ's REST API. The vulnerability occurs due to an off-by-one error when allocating memory for…

  • CVE-2025-62413 | Med | Oct 16, 2025
    risk 0.40 | cvss 6.1 | epss 0.00

    MQTTX is an MQTT 5.0 desktop client and MQTT testing tool. A Cross-Site Scripting (XSS) vulnerability was introduced in MQTTX v1.12.0 due to improper handling of MQTT message payload rendering. Malicious payloads containing HTML or JavaScript could be rendered directly in the…

  • CVE-2025-65953 | Med | Nov 25, 2025
    risk 0.39 | cvss | epss 0.00

    NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to version 0.22.5, a Heap-Use-After-Free (UAF) vulnerability exists in the TCP transport component of NanoMQ, which relies on the underlying NanoNNG library (specifically in…

  • CVE-2026-25627 | Med | Mar 30, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to version 0.24.8, NanoMQ’s MQTT-over-WebSocket transport can be crashed by sending an MQTT packet with a deliberately large Remaining Length in the fixed header while providing a much shorter actual…

  • CVE-2026-32134 | Med | May 19, 2026
    risk 0.31 | cvss 5.9 | epss 0.00

    NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In versions 0.24.10 and below, when NanoMQ handles high-concurrency reconnect traffic using a reconnect-collision payload, the broker can crash due to a NULL pointer dereference during MQTT session resumption…

  • CVE-2026-30867 | Med | Apr 2, 2026
    risk 0.30 | cvss 5.7 | epss 0.00

    CocoaMQTT is a MQTT 5.0 client library for iOS and macOS written in Swift. Prior to version 2.2.2, a vulnerability exists in the packet parsing logic of CocoaMQTT that allows an attacker (or a compromised/malicious MQTT broker) to remotely crash the host iOS/macOS/tvOS…

  • CVE-2026-6564 | Med | Apr 19, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    A vulnerability was found in EMQ EMQX Enterprise up to 6.1.0. The impacted element is an unknown function of the component Session Handling. The manipulation results in improper authorization. It is possible to launch the attack remotely. The exploit has been made public and…

  • CVE-2026-34608 | Med | Apr 2, 2026
    risk 0.25 | cvss 4.9 | epss 0.00

    NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to version 0.24.10, in NanoMQ's webhook_inproc.c, the hook_work_cb() function processes nng messages by parsing the message body with cJSON_Parse(body). The body is obtained from nng_msg_body(msg), which…

  • CVE-2026-44640 | Med | May 29, 2026
    risk 0.22 | cvss 4.5 | epss 0.00

    NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to 0.24.14, aio->prov_data is stored as nni_quic_conn* during dialing, but read as ex_quic_conn* during dialer close. This type confusion causes invalid object interpretation and leads to close-path…

  • CVE-2026-8741 | Low | May 17, 2026
    risk 0.20 | cvss 3.1 | epss 0.00

    A vulnerability has been found in EMQX up to 6.2.0. This affects an unknown function of the file apps/emqx/src/emqx_persistent_session_ds.erl of the component QoS 2 PUBLISH Packet Handler. Such manipulation leads to race condition. The attack may be performed from remote. A high…

  • CVE-2025-52136 | Low | Aug 10, 2025
    risk 0.20 | cvss 3.0 | epss 0.00

    In EMQX before 5.8.6, administrators can install arbitrary novel plugins via the Dashboard web interface. NOTE: the Supplier's position is that this is the intended behavior; however, 5.8.6 adds a defense-in-depth feature in which a plugin's acceptability (for later Dashboard…

  • CVE-2026-32696 | Low | Mar 30, 2026
    risk 0.13 | cvss 3.1 | epss 0.00

    NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.http_auth (HTTP authentication), when a client connects to the broker using MQTT CONNECT without providing username/password, and the configuration params uses the…

  • CVE-2026-45151 | Low | May 29, 2026
    risk 0.12 | cvss | epss 0.00

    NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In 0.24.8 and earlier, quic_stream_recv can dereference a null substream pointer when a substream is in reopen state. The code finishes the AIO with error but does not return before locking c->mtx.

  • CVE-2026-21888 | Mar 11, 2026
    risk 0.00 | cvss | epss 0.00

    NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. MQTT v5 Variable Byte Integer parsing out-of-bounds: get_var_integer() accepts 5-byte varints without bounds checks; reliably triggers OOB read / crash when built with ASan. This affects 0.24.6 and earlier.

  • CVE-2026-22040 | Mar 4, 2026
    risk 0.00 | cvss | epss 0.00

    NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In version 0.24.6, by generating a combined traffic pattern of high-frequency publishes and rapid reconnect/kick-out using the same ClientID and massive subscribe/unsubscribe jitter, it is possible to reliably…

  • CVE-2025-68699 | Feb 4, 2026
    risk 0.00 | cvss | epss 0.00

    NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In version 0.24.6, NanoMQ has a protocol parsing / forwarding inconsistency when handling shared subscriptions ($share/). A malformed SUBSCRIBE topic such as $share/ab (missing the second /) is not strictly…

  • CVE-2025-66023 | Jan 1, 2026
    risk 0.00 | cvss | epss 0.00

    NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Versions prior to 0.24.5 have a Heap-Use-After-Free (UAF) vulnerability within the MQTT bridge client component (implemented via the underlying NanoNNG library). The vulnerability is triggered when NanoMQ acts…

  • CVE-2025-59946 | Dec 27, 2025
    risk 0.00 | cvss | epss 0.00

    NanoMQ MQTT Broker (NanoMQ) is an Edge Messaging Platform. Prior to version 0.24.2, there is a classical data racing issue about sub info list which could result in heap use after free crash. This issue has been patched in version 0.24.2.