CVE-2026-46411
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk12th percentile - higher than 12% of all known CVEs
Summary
FlashMQ is an MQTT broker/server that prior to version 1.26.2 allowed authorized clients to exceed the permitted write buffer over-commit, triggering an internal safeguard exception. This exception was not catchable, leading to server abort.
Risk Assessment
Organizations may experience server aborts, leading to service downtime and potential data loss. There is a high risk for critical systems running on FlashMQ.
Recommendation
It is recommended to upgrade to version 1.26.2 or later to mitigate this vulnerability and secure the server against aborts.
Original NVD description (English source)
FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.2, authorized clients have the ability to exceed the permitted over-commit of their write buffer and triggering an internal safe-guard exception. This exception was in a path that was not catchable, and therefore causes a server abort. This issue has been patched in version 1.26.2.

