CVE-2026-8741
âšī¸ lowSummary
A vulnerability has been found in EMQX up to 6.2.0. This affects an unknown function of the file apps/emqx/src/emqx_persistent_session_ds.erl of the component QoS 2 PUBLISH Packet Handler. Such manipulation leads to race condition. The attack may be performed from remote. A high complexity level is associated with this attack. The exploitability is reported as difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure.
CVSS Score
3.1
Low
EPSS Score
0.1
Exploit Probability
Published Date
2026-05-17
First Seen: 2026-05-18
đ Relative Risk Intelligence
This CVE is Lower Risk - more severe than 2.1% of all 327,035 vulnerabilities in our database.
#320,194
Below average severity
Severity Percentile
đ¯ CISA SSVC Assessment Updated: May 18, 2026
đ Exploitation Status
Poc
Proof-of-concept available
âī¸ Automatable
NO
Requires human interaction
đĨ Technical Impact
Partial
Limited system impact
đ Discovered By
CCCaaa (VulDB User) (reporter)
VulDB CNA Team (coordinator)
SSVC data provided by
CISA
Last Modified
2026-05-20
Source
NVD đ
CVSS Vector 3.1
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
CVSS Vector 4.0
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CWE IDs (Weakness Types)