emqx
Top products
Latest CVEs
The 15 most recently published vulnerabilities affecting emqx.
- CVE-2026-8741EMQX QoS 2 PUBLISH Packet emqx_persistent_session_ds.erl race condition3.1
- CVE-2026-32135NanoMQ has Heap Buffer Overflow in URI Parameter Parsing7.5
- CVE-2026-30867CocoaMQTT: Denial of Service via Reachable Assertion in `PUBLISH` Packet Parsing5.7
- CVE-2026-32696NanoMQ HTTP Auth: Missing username/password can trigger a NULL-pointer strlen() in auth_http.c:set_data(), causing a process crash — SIGSEGV, remotely triggerable3.1
- CVE-2026-25627nanomq: OOB Read / Crash (DoS) via Malformed MQTT Remaining Length over WebSocket6.5
- CVE-2026-21888MQTT v5 Variable Byte Integer parsing out-of-bounds: get_var_integer()7.5
- CVE-2025-68699NanoMQ $share/ Subscription Validation and Forwarding Parsing Inconsistency: NULL Pointer Increment Causes Crash6.5
- CVE-2024-48077NanoMQ v0.22.7 is vulnerable to Denial of Service (DoS) due to improper resource throttling. A crafted sequence of requests causes the recv-q queue to saturate, leading to the rapid exhaustion of s...7.5
- CVE-2025-66023NanoMQ has Use-After-Free of malformed bridging message4.9
- CVE-2025-59946NanoMQ has a Use After Free vulnerability via sub info list7.5
- CVE-2025-59947NanoMQ has Buffer Overflow9.0
- CVE-2025-62413MQTTX vulnerable to cross-site scripting via improper message payload rendering6.1
- CVE-2025-52136In EMQX before 5.8.6, administrators can install arbitrary novel plugins via the Dashboard web interface. NOTE: the Supplier's position is that this is the intended behavior; however, 5.8.6 adds a ...3.0
- CVE-2024-42655An access control issue in NanoMQ v0.21.10 allows attackers to bypass security restrictions and access sensitive system topic messages using MQTT wildcard characters.8.8
- CVE-2024-42651NanoMQ v0.17.9 was discovered to contain a heap use-after-free vulnerability via the component sub_Ctx_handle. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted S...7.5