CVE-2026-6564

MEDIUM

EMQ EMQX Enterprise Session Handling improper authorization

Title source: cna

Description

A vulnerability was found in EMQ EMQX Enterprise up to 6.1.0. The impacted element is an unknown function of the component Session Handling. The manipulation results in improper authorization. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

References (4)

Core 4

Core References

Vdb Entry vdb-entry

VDB-358201 | EMQ EMQX Enterprise Session Handling improper authorization

https://vuldb.com/vuln/358201

Signature, Permissions Required signature permissions-required

VDB-358201 | CTI Indicators (IOB, IOC, TTP)

https://vuldb.com/vuln/358201/cti

Third Party Advisory third-party-advisory

Submit #789924 | EMQ Technologies Inc. EMQX Enterprise 6.1.0 Improper Access Control

https://vuldb.com/submit/789924

Exploit exploit

https://github.com/cailiujia/CVE

View Exploit ZIP pw:eip

Scores

CVSS v3 4.3

EPSS 0.0033

EPSS Percentile 25.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-266 CWE-285

Status published

Products (2)

EMQ/EMQX Enterprise 6.0

EMQ/EMQX Enterprise 6.1.0

Published Apr 19, 2026

Tracked Since Apr 19, 2026