cailiujia/CVE

EMQX Enterprise 6.1.0 and earlier is vulnerable to denial of service due to improper session management. An authenticated attacker can connect using another user's Client ID, causing the broker to disconnect the victim's client. Client IDs are not bound to specific users, allowing cross‑user session takeover.