CVE-2026-8686

High

Published: 15 May 2026

Published

15 May 2026

Modified

15 May 2026

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Score 0.0003 9.3th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-8686 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Amazon (inferred from references). Its CVSS base score is 7.5 (High).

Operationally, ranked at the 9.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

NVD Description

Missing bounds validation in the MQTT v5.0 property parser in coreMQTT before 5.0.1 allows an MQTT broker to cause a denial of service by sending a crafted packet. To remediate this issue, users should upgrade to v5.0.1.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s): CWE-125

Affected Products

Amazon

—

inferred from references and description; NVD did not file a CPE for this CVE

References

https://aws.amazon.com/security/security-bulletins/2026-032-aws/
ff89ba41-3aa1-4d27-914a-91399e9639e5
https://github.com/FreeRTOS/coreMQTT/releases/tag/v5.0.1
ff89ba41-3aa1-4d27-914a-91399e9639e5
https://github.com/FreeRTOS/coreMQTT/security/advisories/GHSA-6qh9-r6jp-2wxc
ff89ba41-3aa1-4d27-914a-91399e9639e5