CVE-2026-8741

Name of the Vulnerable Software and Affected Versions EMQX versions prior to 6.2.0

Description A race condition exists in the QoS 2 PUBLISH Packet Handler component within the apps/emqx/src/emqx persistent session ds.erl file. This issue allows a remote attacker to trigger a race condition, which occurs when the system's substantive behavior is dependent on the sequence or timing of other uncontrollable events. This attack is characterized by high complexity and is difficult to exploit.

Recommendations Update to a version later than 6.2.0. As a temporary workaround, restrict access to the QoS 2 PUBLISH Packet Handler component to minimize the risk of exploitation.