Cccaaa

**Name of the Vulnerable Software and Affected Versions** EMQX versions prior to 6.2.0 **Description** A race condition exists in the QoS 2 PUBLISH Packet Handler component within the `apps/emqx/src/emqx persistent session ds.erl` file. This issue allows a remote attacker to trigger a race condition, which occurs when the system's substantive behavior is dependent on the sequence or timing of other uncontrollable events. This attack is characterized by high complexity and is difficult to exploit. **Recommendations** Update to a version later than 6.2.0. As a temporary workaround, restrict access to the QoS 2 PUBLISH Packet Handler component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** EMQ EMQX Enterprise versions prior to 6.1.1 **Description** An issue exists in the Session Handling component where an unknown function allows for improper authorization. This flaw can be exploited remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.