Flashmq · Flashmq · CVE-2026-42209
**Name of the Vulnerable Software and Affected Versions**
FlashMQ versions prior to 1.26.1
**Description**
A remote client with retained publish permission can cause a denial of service by crashing the broker. This occurs when both `set_retained_message_defer_timeout` and `set_retained_message_defer_timeout_spread` are configured to non-default values. If anonymous retained publishing is enabled, no authentication is required to trigger the crash; otherwise, the attacker must possess the necessary publish permissions.
**Recommendations**
Update to version 1.26.1.
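To triage a broker against the condition in the description, the following added example (not FlashMQ project code) checks a version string and a configuration file for the affected combination. It assumes the two options are spelled with underscores in the config file and, because this advisory does not list the default values, treats any explicit top-level setting of both options as the affected configuration; the sample config is constructed.

```python
import re

FIXED = (1, 26, 1)  # first fixed release according to the advisory
# Assumption: config-file spelling of the two options named in the advisory.
KEYS = ("set_retained_message_defer_timeout",
        "set_retained_message_defer_timeout_spread")

# Constructed sample configuration, values are illustrative only.
SAMPLE_CONF = """\
# constructed sample
set_retained_message_defer_timeout 50
set_retained_message_defer_timeout_spread 200   # trailing comment
listen {
  port 1883
}
"""

def parse_version(text):
    """Extract the first dotted version number, e.g. from 'FlashMQ 1.25.0'."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def explicit_settings(conf_text):
    """Return {key: value} for the two options when set outside any block."""
    found, depth = {}, 0
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        if line.endswith("{"):
            depth += 1
        elif line == "}":
            depth -= 1
        elif depth == 0:
            parts = line.split(None, 1)
            if parts[0] in KEYS and len(parts) == 2:
                found[parts[0]] = parts[1].strip()
    return found

def assess(version_text, conf_text):
    """Classify a broker as 'patched', 'exposed' or 'update-recommended'."""
    if parse_version(version_text) >= FIXED:
        return "patched"
    settings = explicit_settings(conf_text)
    # Both options explicitly set on an affected version: crash condition may apply.
    return "exposed" if all(k in settings for k in KEYS) else "update-recommended"
```

A result of `update-recommended` means the version is affected but the two options are not both set explicitly; the recommendation to update still applies.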