CVE-2026-8686

HIGH NVD

CVSS Score 7.5

Severity HIGH

Published May 15, 2026

Vendor unknown

Description

Missing bounds validation in the MQTT v5.0 property parser in coreMQTT before 5.0.1 allows an MQTT broker to cause a denial of service by sending a crafted packet. To remediate this issue, users should upgrade to v5.0.1.

References

https://aws.amazon.com/security/security-bulletins/2026-032-aws/
https://github.com/FreeRTOS/coreMQTT/releases/tag/v5.0.1
https://github.com/FreeRTOS/coreMQTT/security/advisories/GHSA-6qh9-r6jp-2wxc