Mosquitto
Mosquitto is the dominant open-source MQTT broker, maintained by the Eclipse Foundation. It is widely deployed in IoT infrastructure and edge computing environments and is increasingly relevant to AI deployments on edge devices. NVD tracks it as eclipse:mosquitto.
Querying Mosquitto
mosquitto: 2.0.18, 2.0.14, 1.6.15

curl "https://api.attestd.io/v1/check?product=mosquitto&version=2.0.10" \
  -H "Authorization: Bearer $ATTESTD_KEY"

Mosquitto 2.0.10 is affected by CVE-2023-28366 (memory leak DoS via malformed MQTT traffic). Expect risk_state: "high".

{
  "product": "mosquitto",
  "version": "2.0.10",
  "supported": true,
  "risk_state": "high",
  "risk_factors": [
    "denial_of_service",
    "internet_exposed_service",
    "patch_available",
    "no_authentication_required"
  ],
  "actively_exploited": false,
  "remote_exploitable": true,
  "authentication_required": false,
  "patch_available": true,
  "fixed_version": "2.0.16",
  "confidence": 0.78,
  "cve_ids": ["CVE-2023-28366"],
  "last_updated": "2026-02-23T18:21:30Z"
}

Mosquitto 2.0.18 has no known relevant vulnerabilities at the time of the last synthesis run.

curl "https://api.attestd.io/v1/check?product=mosquitto&version=2.0.18" \
  -H "Authorization: Bearer $ATTESTD_KEY"

CVE history
Mosquitto CVEs concentrate in two areas: the MQTT packet parser (memory leaks and allocation failures via malformed CONNECT or partial packets) and the WebSocket bridge (an integer overflow in the frame handler before 1.4.15 allows heap overflow and potential code execution). Both are reachable from any connected MQTT client.
| CVE | Description | Affects | CVSS |
|---|---|---|---|
| CVE-2023-28366 | Memory leak in broker process via malformed or incomplete MQTT packets causes unbounded memory growth leading to denial of service. | < 2.0.16 | 7.5 |
| CVE-2021-34434 | Improper memory allocation handling for malformed MQTT CONNECT packets allows remote denial of service. | < 2.0.12 | 7.5 |
| CVE-2017-7657 | Integer overflow in WebSocket packet handler allows heap buffer overflow and potential code execution via crafted WebSocket frame. | < 1.4.15 | 9.8 |
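
The following is an added example, not attestd's or this page's own code: a Python deployment gate that consumes the /v1/check response shown above and cross-checks a broker version against the "Affects" ranges in the CVE table using numeric version comparison. The function names, the gate policy (block on "high" or on active exploitation) and the fail-closed handling of "supported": false are assumptions.

```python
import json

# Response body for version 2.0.10, fields copied from the page (subset).
RESPONSE_2_0_10 = json.loads("""{
  "product": "mosquitto", "version": "2.0.10", "supported": true,
  "risk_state": "high", "actively_exploited": false,
  "remote_exploitable": true, "authentication_required": false,
  "patch_available": true, "fixed_version": "2.0.16",
  "cve_ids": ["CVE-2023-28366"]
}""")

# "Affects" column of the CVE table: versions below this value are affected.
FIXED_IN = {
    "CVE-2023-28366": "2.0.16",
    "CVE-2021-34434": "2.0.12",
    "CVE-2017-7657": "1.4.15",
}

def parse_version(text):
    """'2.0.9' -> (2, 0, 9). Tuples compare numerically, so 2.0.9 < 2.0.16,
    which a plain string comparison gets wrong. Assumes dotted integers only."""
    return tuple(int(part) for part in text.split("."))

def table_cves(version):
    """CVEs from the table whose 'Affects < X' range contains this version."""
    v = parse_version(version)
    return [cve for cve, fixed in FIXED_IN.items() if v < parse_version(fixed)]

def gate(resp, blocked_states=("high",)):
    """Hypothetical deploy gate: returns (allow, reason) for one response."""
    if not resp.get("supported", False):
        # Assumption: fail closed when the API has no verdict for the version.
        return False, "product/version not supported; no verdict available"
    cves = ", ".join(resp.get("cve_ids", []))
    if resp.get("actively_exploited"):
        return False, "actively exploited: " + cves
    if resp.get("risk_state") in blocked_states:
        reason = f"risk_state={resp['risk_state']} ({cves})"
        if resp.get("patch_available"):
            reason += f"; upgrade to >= {resp['fixed_version']}"
        return False, reason
    return True, "no blocking finding"

if __name__ == "__main__":
    print(gate(RESPONSE_2_0_10))
    for ver in ("1.4.14", "2.0.9", "2.0.10", "2.0.18"):
        print(ver, table_cves(ver))
```

In a pipeline, a False result from gate() would map to a non-zero exit code so the build stops before the broker image ships.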