← back
CVE-2026-22535

FRAIL SECURITY IN MQTT PROTOCOL ALLOWS AN ATTACKER MODIFY CRITICAL PARAMETERS

CVSS 8.9 HIGHEPSS 0.1%CWE-1366
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.9EPSS 0.1%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
07 Jan 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An attacker with the ability to interact through the network and with access credentials, could, thanks to the unsecured (unencrypted) MQTT communications protocol, write on the server topics of the board that controls the MQTT communications
CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Affected products
EFACEC · QC 60/90/120

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://cds.thalesgroup.com/en