Flashmq: >> Flashmq Security Vulnerabilities
FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.23.2, any authenticated user can create sessions and have them collect QoS messages. When not sent to a client, these are then not released upon (eventual) session expiration. Version 1.23.2 fixes the issue.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-10-24
FlashMQ v1.14.0 was discovered to contain an assertion failure in the function PublishCopyFactory::getNewPublish, which occurs when the QoS value of the publish object is greater than 0.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-07-29
An issue in FlashMQ v1.14.0 allows attackers to cause an assertion failure via sending a crafted retain message, leading to a Denial of Service (DoS).
CVSS Score
7.5
EPSS Score
0.001
Published
2025-07-29