10.0
CVE-2026-49199: Mosquitto MQTT Command Injection Vulnerability
CVE-2026-49199
Summary
The Mosquitto MQTT server has a command injection vulnerability that allows attackers to execute malicious code on devices connected to it. This could lead to unauthorized access to, or control of, those devices. To protect against this risk, update to the latest version of Mosquitto or consider using an alternative MQTT server.
Original title
Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device.
Original description
Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device.
NVD CVSS 4.0
10.0
Vulnerability type
CWE-77
Command Injection
Published: 29 May 2026 · Updated: 30 May 2026 · First seen: 29 May 2026