CVE-2026-6564
Received Received - Intake
Improper Authorization in EMQX Session Handling Enables Remote Attack

Publication date: 2026-04-19

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was found in EMQ EMQX Enterprise up to 6.1.0. The impacted element is an unknown function of the component Session Handling. The manipulation results in improper authorization. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-19
Last Modified
2026-04-29
Generated
2026-06-16
AI Q&A
2026-04-19
EPSS Evaluated
2026-06-14
NVD
CVE-2026-6564
EUVD
EUVD-2026-23692
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
emq emqx_enterprise to 6.1.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-285 The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in EMQ EMQX Enterprise up to version 6.1.0, specifically in an unknown function related to Session Handling. It allows improper authorization, meaning that an attacker could bypass normal access controls.

The attack can be launched remotely, and the exploit has been made public, increasing the risk of exploitation.

The vendor was contacted early about this issue but did not respond.

Impact Analysis

This vulnerability can lead to improper authorization, which means unauthorized users might gain access to sessions or resources they should not have access to.

Since the attack can be performed remotely and the exploit is public, it increases the risk of unauthorized access or actions within the affected system.

The impact score is relatively low to moderate (CVSS v3.1 Base Score 4.3), indicating limited but notable risk, primarily related to availability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-6564. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart