CVE-2026-8686

Published May 15th, 2026

View on NVD ↗

CVSS v3

7.5

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

Missing bounds validation in the MQTT v5.0 property parser in coreMQTT before 5.0.1 allows an MQTT broker to cause a denial of service by sending a crafted packet. To remediate this issue, users should upgrade to v5.0.1.

FreeRTOS/coreMQTT

Client implementation of the MQTT 5.0 specification for embedded devices

GitHub

226