| عنوان | EMQX EMQX Broker EMQX 6.1.0 (confirmed) Race Condition |
|---|
| الوصف | EMQX Broker contains a non-atomic state persistence flaw in the handling of MQTT QoS 2 PUBLISH packets for persistent sessions. The broker publishes a message to subscribers before the corresponding PacketId deduplication state is durably committed, and the state commit is deferred asynchronously. If the broker crashes, recovers, or the client reconnects during this persistence window, the PacketId state may be lost, causing the same QoS 2 message to be accepted and published again. This violates the MQTT QoS 2 exactly-once guarantee and can result in integrity-impacting duplicate message delivery in downstream systems.
Vendor Homepage
https://www.emqx.com/zh
Product Source / Repository
https://github.com/emqx/emqx
Report / Reference
https://github.com/Pathfind-tama/Report_EMQX_MQTT |
|---|
| المصدر | ⚠️ https://github.com/Pathfind-tama/Report_EMQX_MQTT |
|---|
| المستخدم | CCCaaa (UID 96811) |
|---|
| ارسال | 22/04/2026 11:01 AM (2 أشهر منذ) |
|---|
| الاعتدال | 16/05/2026 01:19 PM (24 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 364329 [EMQX حتى 6.2.0 QoS 2 PUBLISH Packet emqx_persistent_session_ds.erl حالة سباق] |
|---|
| النقاط | 20 |
|---|