CVE-2026-6564
Improper Authorization in EMQX Session Handling Enables Remote Attack
Publication date: 2026-04-19
Last updated on: 2026-04-29
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| emq | emqx_enterprise | up to 6.1.0 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects EMQ EMQX Enterprise up to and including version 6.1.0, in an unknown function of the Session Handling component. It results in improper authorization, meaning that an attacker could bypass normal access controls.
The attack can be launched remotely, and the exploit has been made public, increasing the risk of exploitation.
The vendor was contacted early about this issue but did not respond.
How can this vulnerability impact me?
This vulnerability can lead to improper authorization, which means unauthorized users might gain access to sessions or resources they should not have access to.
Because the attack can be performed remotely and the exploit is public, the risk of unauthorized access or actions within the affected system is increased.
The impact score is relatively low to moderate (CVSS v3.1 Base Score 4.3), indicating limited but notable risk, primarily related to availability.