CVE-2026-8686

7.5 HIGH
Published: May 15, 2026 Modified: May 15, 2026
View on NVD

Description

Missing bounds validation in the MQTT v5.0 property parser in coreMQTT before 5.0.1 allows an MQTT broker to cause a denial of service by sending a crafted packet. To remediate this issue, users should upgrade to v5.0.1.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://aws.amazon.com/security/security-bulletins/2026-032-aws/
Source: ff89ba41-3aa1-4d27-914a-91399e9639e5
https://github.com/FreeRTOS/coreMQTT/releases/tag/v5.0.1
Source: ff89ba41-3aa1-4d27-914a-91399e9639e5
https://github.com/FreeRTOS/coreMQTT/security/advisories/GHSA-6qh9-r6jp-2wxc
Source: ff89ba41-3aa1-4d27-914a-91399e9639e5

3 reference(s) from NVD

Quick Stats

CVSS v3 Score
7.5 / 10.0
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-125

Related CVEs

CVE-2026-4054 4.3
CVE-2026-4053 3.1
CVE-2026-46408 7.6
CVE-2026-46407 8.1
CVE-2026-46367 7.6