| tiêu đề | EMQX EMQX Broker EMQX 6.1.0 (confirmed) Race Condition |
|---|
| Mô tả | EMQX Broker contains a non-atomic state persistence flaw in the handling of MQTT QoS 2 PUBLISH packets for persistent sessions. The broker publishes a message to subscribers before the corresponding PacketId deduplication state is durably committed, and the state commit is deferred asynchronously. If the broker crashes, recovers, or the client reconnects during this persistence window, the PacketId state may be lost, causing the same QoS 2 message to be accepted and published again. This violates the MQTT QoS 2 exactly-once guarantee and can result in integrity-impacting duplicate message delivery in downstream systems.
Vendor Homepage
https://www.emqx.com/zh
Product Source / Repository
https://github.com/emqx/emqx
Report / Reference
https://github.com/Pathfind-tama/Report_EMQX_MQTT |
|---|
| Nguồn | ⚠️ https://github.com/Pathfind-tama/Report_EMQX_MQTT |
|---|
| Người dùng | CCCaaa (UID 96811) |
|---|
| Đệ trình | 22/04/2026 11:01 (cách đây 1 tháng) |
|---|
| Kiểm duyệt | 16/05/2026 13:19 (24 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 364329 [EMQX đến 6.2.0 QoS 2 PUBLISH Packet emqx_persistent_session_ds.erl điều kiện tranh chấp] |
|---|
| điểm | 20 |
|---|