GHSA-vvpf-h42q-v96vHighCVSS 9.8

The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any...

Published
June 4, 2026
Last Modified
June 4, 2026

🔗 CVE IDs covered (1)

CVE-2026-49186

📋 Description

The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to subscribe using wildcard characters (# or +) to enumerate hidden network devices or publish rogue control commands.

🔗 References (3)