Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.7
CVE-2026-8686: coreMQTT MQTT Broker Denial of Service Vulnerability
CVE-2026-8686
Summary
A security issue in coreMQTT's MQTT v5.0 property parser can cause a denial of service when an MQTT broker sends a specially crafted packet. This affects users who are not running the latest version of coreMQTT. To fix this, users should upgrade to the latest version, coreMQTT 5.0.1.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions |
|---|---|---|
| freertos | coremqtt |
5.0.0 cpe:2.3:a:freertos:coremqtt:5.0.0:*:*:*:*:*:*:* |
Original title
Missing bounds validation in the MQTT v5.0 property parser in coreMQTT before 5.0.1 allows an MQTT broker to cause a denial of service by sending a crafted packet.
To remediate this issue, users...
Original description
Missing bounds validation in the MQTT v5.0 property parser in coreMQTT before 5.0.1 allows an MQTT broker to cause a denial of service by sending a crafted packet.
To remediate this issue, users should upgrade to v5.0.1.
To remediate this issue, users should upgrade to v5.0.1.
nvd CVSS3.1
7.5
nvd CVSS4.0
8.7
Vulnerability type
CWE-125
Out-of-bounds Read
Published: 15 May 2026 · Updated: 28 May 2026 · First seen: 15 May 2026