PT-2026-39199 · Flashmq · Flashmq
Ruoyyy · Published 2026-05-08 · Updated 2026-05-09 · CVE-2026-42209
CVSS v3.1: 6.5 Medium
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
FlashMQ versions prior to 1.26.1
Description
A remote client with retained publish permission can cause a denial of service by crashing the broker. This occurs when both set_retained_message_defer_timeout and set_retained_message_defer_timeout_spread are configured to non-default values. If anonymous retained publishing is enabled, no authentication is required to trigger the crash; otherwise, the attacker must possess the necessary publish permissions.
Recommendations
Update to version 1.26.1.
Exploit
Fix
DoS
Divide By Zero
Affected Products
Flashmq