CVE Catalog

CVE-2026-46411

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.04%

12th percentile - higher than 12% of all known CVEs

Summary

FlashMQ is an MQTT broker/server that prior to version 1.26.2 allowed authorized clients to exceed the permitted write buffer over-commit, triggering an internal safeguard exception. This exception was not catchable, leading to server abort.

Risk Assessment

Organizations may experience server aborts, leading to service downtime and potential data loss. There is a high risk for critical systems running on FlashMQ.

Recommendation

It is recommended to upgrade to version 1.26.2 or later to mitigate this vulnerability and secure the server against aborts.

Original NVD description (English source)

FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.2, authorized clients have the ability to exceed the permitted over-commit of their write buffer and triggering an internal safe-guard exception. This exception was in a path that was not catchable, and therefore causes a server abort. This issue has been patched in version 1.26.2.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS