PatchSiren cyber security CVE debrief
CVE-2026-46411 halfgaar CVE debrief
CVE-2026-46411 is a vulnerability in FlashMQ, a MQTT broker/server designed for multi-CPU environments. Prior to version 1.26.2, authorized clients could exceed their permitted write buffer over-commit, triggering an internal safe-guard exception. This exception was not catchable, causing a server abort. The issue has been patched in version 1.26.2.
- Vendor
- halfgaar
- Product
- FlashMQ
- CVSS
- MEDIUM 6.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-10
- Original CVE updated
- 2026-06-10
- Advisory published
- 2026-06-10
- Advisory updated
- 2026-06-10
Who should care
Users of FlashMQ prior to version 1.26.2 should update to the patched version to prevent potential server crashes.
Technical summary
The vulnerability has a CVSS score of 6.5 and a severity of MEDIUM. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The weakness is classified as CWE-248.
Defensive priority
MEDIUM
Recommended defensive actions
- Update FlashMQ to version 1.26.2 or later.
Evidence notes
The CVE record and details can be found at [cve-org]. More information is available at [nvd].
Official resources
CVE-2026-46411 was published on 2026-06-10T00:16:53.407Z and modified on 2026-06-10T20:19:06.020Z.