| 标题 | EMQX EMQX Broker EMQX 6.1.0 (confirmed) Race Condition |
|---|
| 描述 | EMQX Broker contains a non-atomic state persistence flaw in the handling of MQTT QoS 2 PUBLISH packets for persistent sessions. The broker publishes a message to subscribers before the corresponding PacketId deduplication state is durably committed, and the state commit is deferred asynchronously. If the broker crashes, recovers, or the client reconnects during this persistence window, the PacketId state may be lost, causing the same QoS 2 message to be accepted and published again. This violates the MQTT QoS 2 exactly-once guarantee and can result in integrity-impacting duplicate message delivery in downstream systems.
Vendor Homepage
https://www.emqx.com/zh
Product Source / Repository
https://github.com/emqx/emqx
Report / Reference
https://github.com/Pathfind-tama/Report_EMQX_MQTT |
|---|
| 来源 | ⚠️ https://github.com/Pathfind-tama/Report_EMQX_MQTT |
|---|
| 用户 | CCCaaa (UID 96811) |
|---|
| 提交 | 2026-04-22 11時01分 (1 月前) |
|---|
| 管理 | 2026-05-16 13時19分 (24 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 364329 [EMQX 直到 6.2.0 QoS 2 PUBLISH Packet emqx_persistent_session_ds.erl 竞争条件] |
|---|
| 积分 | 20 |
|---|