CVE-2026-30867 โ CocoaMQTT is a MQTT 5.0 client library for iOS and macOS written in Swift.โฆ
Image via opengraph.githubassets.com
๐จ CVE-2026-30867 CocoaMQTT is a MQTT 5.0 client library for iOS and macOS written in Swift. Prior to version 2.2.2, a vulnerability exists in the packet parsing logic of CocoaMQTT that allows an attacker (or a compromised/malicious MQTT broker) to remotely crash the host iOS/macOS/tvOS application.
Merge pull request #659 from emqx/fix/publish-protocol-error-handling ยท emqx/CocoaMQTT@010bca6
github.com
What This Means For You
- Affects Apple ecosystem โ update macOS/iOS devices.
- New vulnerability disclosed โ verify if your stack is exposed.
Related ATT&CK Techniques
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-30867 | DoS | CocoaMQTT versions prior to 2.2.2, packet parsing logic, malformed payload with RETAIN flag set to true |
| CVE-2026-30867 | Information Disclosure | CocoaMQTT versions prior to 2.2.2, packet parsing logic, malformed payload with RETAIN flag set to true |
๐ Recommended Tools
๐ค
SCW Elite Bot
Get IOC packs, detection rules & premium threat intel โ pay with Telegram Stars โญ
Open Bot โ
Source & Attribution
| Source Platform | Telegram |
| Channel | CVE Notify |
| Channel ID | 1129491012 |
| Message ID | 158332 |
| Published | April 07, 2026 at 21:26 UTC |
| Original Link | https://github.com/emqx/CocoaMQTT/commit/010bca6f61b97d72... |
This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.
Believe this infringes your rights? Submit a takedown request.
Found this interesting? Follow us to stay ahead.
Share