CVE-2026-30867 — CocoaMQTT is a MQTT 5.0 client library for iOS and macOS written in Swift.…

April 07, 2026 21:26 /HIGH

CVE Notify vulnerabilitycve

🚨 CVE-2026-30867 CocoaMQTT is a MQTT 5.0 client library for iOS and macOS written in Swift. Prior to version 2.2.2, a vulnerability exists in the packet parsing logic of CocoaMQTT that allows an attacker (or a compromised/malicious MQTT broker) to remotely crash the host iOS/macOS/tvOS application.

Merge pull request #659 from emqx/fix/publish-protocol-error-handling · emqx/CocoaMQTT@010bca6

github.com

What This Means For You

Affects Apple ecosystem — update macOS/iOS devices.
New vulnerability disclosed — verify if your stack is exposed.

Related ATT&CK Techniques

T1499 Endpoint Denial of Service Impact

🛡️ Detection Rules

1 rule · 6 SIEM formats

1 detection rule mapped to MITRE ATT&CK. Free Sigma YAML below.

high T1499 Impact

DoS Traffic Pattern Detection

Sigma YAML — free preview

Source: Shimi's Cyber World · License & reuse

Indicators of Compromise

ID	Type	Indicator
CVE-2026-30867	DoS	CocoaMQTT versions prior to 2.2.2, packet parsing logic, malformed payload with RETAIN flag set to true
CVE-2026-30867	Information Disclosure	CocoaMQTT versions prior to 2.2.2, packet parsing logic, malformed payload with RETAIN flag set to true

Source & Attribution

Source Platform	Telegram
Channel	CVE Notify
Published	April 07, 2026 at 21:26 UTC

This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.

Believe this infringes your rights? Submit a takedown request.

What This Means For You

Related ATT&CK Techniques

🛡️ Detection Rules

DoS Traffic Pattern Detection

Indicators of Compromise

Related coverage

Daily Security Digest — 2026-05-22

WordPress Ditty Plugin: Authorization Bypass Exposes Non-Public Content

CVE-2026-8692 — The Vedrixa Forms – User Registration Form, Signup Form &