CVE-2026-8686: CWE-125 Out-of-bounds read in FreeRTOS coreMQTT
CVE-2026-8686 is a high-severity vulnerability in FreeRTOS coreMQTT version 5.0.0 involving an out-of-bounds read due to missing bounds validation in the MQTT v5.0 property parser. An MQTT broker can exploit this by sending a crafted packet, causing a denial of service and impacting availability. The issue is fixed in coreMQTT version 5.0.1, and users are advised to upgrade to this version.
AI Analysis
Technical Summary
CVE-2026-8686 is an out-of-bounds read vulnerability (CWE-125) in FreeRTOS coreMQTT version 5.0.0. The flaw arises from missing bounds validation in the MQTT v5.0 property parser, allowing a malicious MQTT broker to send a specially crafted packet that triggers the vulnerability. This results in a denial of service condition affecting the availability of the affected system. The vulnerability has a CVSS 3.1 base score of 7.5 (high severity) with network attack vector, low attack complexity, no privileges or user interaction required, and impacts availability only. The issue is resolved in coreMQTT version 5.0.1.
Potential Impact
Successful exploitation allows an MQTT broker to cause an out-of-bounds read in the coreMQTT client, leading to a denial of service and impacting system availability. There is no confidentiality or integrity impact reported.
Mitigation Recommendations
A fix is available in coreMQTT version 5.0.1. Users should upgrade from version 5.0.0 to 5.0.1 to remediate this vulnerability. Refer to the AWS security advisory at https://aws.amazon.com/security/security-bulletins/2026-032-aws/ for official guidance.
CVE-2026-8686: CWE-125 Out-of-bounds read in FreeRTOS coreMQTT
Description
CVE-2026-8686 is a high-severity vulnerability in FreeRTOS coreMQTT version 5.0.0 involving an out-of-bounds read due to missing bounds validation in the MQTT v5.0 property parser. An MQTT broker can exploit this by sending a crafted packet, causing a denial of service and impacting availability. The issue is fixed in coreMQTT version 5.0.1, and users are advised to upgrade to this version.
CVSS v3.1
Score 7.5high
Affected software
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-8686 is an out-of-bounds read vulnerability (CWE-125) in FreeRTOS coreMQTT version 5.0.0. The flaw arises from missing bounds validation in the MQTT v5.0 property parser, allowing a malicious MQTT broker to send a specially crafted packet that triggers the vulnerability. This results in a denial of service condition affecting the availability of the affected system. The vulnerability has a CVSS 3.1 base score of 7.5 (high severity) with network attack vector, low attack complexity, no privileges or user interaction required, and impacts availability only. The issue is resolved in coreMQTT version 5.0.1.
Potential Impact
Successful exploitation allows an MQTT broker to cause an out-of-bounds read in the coreMQTT client, leading to a denial of service and impacting system availability. There is no confidentiality or integrity impact reported.
Mitigation Recommendations
A fix is available in coreMQTT version 5.0.1. Users should upgrade from version 5.0.0 to 5.0.1 to remediate this vulnerability. Refer to the AWS security advisory at https://aws.amazon.com/security/security-bulletins/2026-032-aws/ for official guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- AMZN
- Date Reserved
- 2026-05-15T14:25:50.894Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
- Vendor Advisory Urls
- [{"url":"https://aws.amazon.com/security/security-bulletins/2026-032-aws/","vendor":"AWS"}]
Threat ID: 6a076ec7ec166c07b0830af2
Added to database: 5/15/2026, 7:06:47 PM
Last enriched: 6/10/2026, 4:52:25 PM
Last updated: 6/17/2026, 11:33:07 PM
Views: 92
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.