Handler on Duty: Xavier Mertens
Threat Level: green
| Published | 2026-06-04 04:17:15 |
|---|---|
| Last Modified | 2026-06-04 04:17:15 |
| AKA | CVE-2026-49186 |
| Summary | The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to subscribe using wildcard characters (# or +) to enumerate hidden network devices or publish rogue control commands. |
| Access Vector | Local | Adjacent | Network |
|---|---|---|---|
| Access Complexity | Low | Medium | High |
| Authentication | None | Single | Multiple |
| Confidentiality | None | Partial | Complete |
| Integrity | None | Partial | Complete |
| Availability | None | Partial | Complete |