EIP-2026-117118

PRE-CVE

Eclipse Mosquitto MQTT broker 2.0.9 - 'mosquitto' Unquoted Service Path

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-117118. PoCs published by Riadh Bouchahoua.

AI-analyzed exploit summary This is a writeup detailing an unquoted service path vulnerability in Eclipse Mosquitto MQTT broker 2.0.9 on Windows. It demonstrates how the service path can be exploited due to improper quoting, but does not include functional exploit code.

Description

Eclipse Mosquitto MQTT broker 2.0.9 - 'mosquitto' Unquoted Service Path

Exploits (1)

exploitdb WRITEUP

by Riadh Bouchahoua · textlocalwindows

https://www.exploit-db.com/exploits/49673

View Code ZIP pw:eip

This is a writeup detailing an unquoted service path vulnerability in Eclipse Mosquitto MQTT broker 2.0.9 on Windows. It demonstrates how the service path can be exploited due to improper quoting, but does not include functional exploit code.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Theoretical

Target: Eclipse Mosquitto MQTT broker 2.0.9

Auth required

Prerequisites: Local access to the Windows system · Service running with unquoted path containing spaces

MITRE ATT&CK

T1574.009 - Path Interception by Unquoted Path

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026