DNA View

CVE-2026-6564

Medium

Low Medium High Critical

4.3

CVSS Score

Published: Apr 19, 2026

Last Modified: Apr 19, 2026

CWE: CWE-266

Vulnerability Description

A vulnerability was found in EMQ EMQX Enterprise up to 6.1.0. The impacted element is an unknown function of the component Session Handling. The manipulation results in improper authorization. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

References & Resources

Severity Details

4.3

out of 10.0

Medium

Weakness Type (CWE)

CWE-266

Incorrect Privilege Assignment

Description: A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Typical Severity: High
Abstraction Level: Base

View CWE Details on MITRE

Key Information

Published Date: April 19, 2026

External Resources

NIST NVD

National Vulnerability Database

MITRE CVE

Official CVE record

CVE Vulnerabilities

Posts & Pages