CVE-2026-8686 - Heap out-of-bounds read in coreMQTT MQTT5 property parsing

AWS ยท 2026-06-05

Actions

Rate this issue

Technical Details

Affected Versions v5.0.0
Regions all
CVE IDs CVE-2026-8686
Migration Required Yes
Cost Impact Neutral
IaC Impact High

What This Means

For DevOps Teams

Update coreMQTT to version 5.0.1 to address the CVE-2026-8686 vulnerability and prevent potential crashes caused by malicious MQTT packets.

For Platform Teams

Deploy the latest coreMQTT version to ensure the platform remains secure and stable against potential denial of service attacks.

For Executives

Implement the coreMQTT version 5.0.1 update to mitigate the risk of denial of service attacks due to the identified heap out-of-bounds read vulnerability.

Source

View original AWS announcement โ†’

Weekly AWS Digest in Your Inbox

No spam, no headlines. Just a weekly summary of the 3โ€“7 AWS changes that matter for DevOps and Platform teams.

๐Ÿ“ง Exactly 1 email per week โ€ข Every Tuesday โ€ข Unsubscribe anytime

Today: AWS only. Coming next: Azure and other major clouds.