CVE 8.9 HIGH

FRAIL SECURITY IN MQTT PROTOCOL ALLOWS AN ATTACKER MODIFY CRITICAL PARAMETERS_CVE-2026-22535

January 7, 2026 invoker category_cve

8.9 / 10

HIGH

CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Description

An attacker with the ability to interact through the network and with access credentials, could, thanks to the unsecured (unencrypted) MQTT communications protocol, write on the server topics of the board that controls the MQTT communications

AI Analysis

Unsecured MQTT communications protocol allows an attacker to modify critical parameters

Basic Information

ID CVE-2026-22535

Source S21sec

Published Jan 7, 2026 at 16:37

Modified Jan 7, 2026 at 16:59

Affected Product

Vendor EFACEC

Product QC 60/90/120

Version 8

Affected Versions EFACEC QC 60/90/120 8

CWE Classification

CWE-1366

AI Assessment

AI Score 8.9 / 10

AI Severity High

Vendor EFACEC

Product QC 60/90/120

Version 8

References

cds.thalesgroup.com /en

{
    "lastseen": "",
    "description": "An attacker with the ability to interact through the network and with access credentials, could, thanks to the unsecured (unencrypted) MQTT communications protocol, write on the server topics of the board that controls the MQTT communications",
    "published": "2026-01-07T16:37:18.042Z",
    "modified": "2026-01-07T16:59:20.174Z",
    "type": "cve",
    "title": "FRAIL SECURITY IN MQTT PROTOCOL ALLOWS AN ATTACKER MODIFY CRITICAL PARAMETERS",
    "source": "S21sec",
    "references": "https://cds.thalesgroup.com/en",
    "id": "CVE-2026-22535",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1366"
    ],
    "cvelist": null,
    "sourceData": "EFACEC QC 60/90/120 8",
    "sourceHref": "",
    "cvss": {
        "score": 8.9,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "QC 60/90/120",
    "version": "8",
    "vendor": "EFACEC",
    "ai_description": "Unsecured MQTT communications protocol allows an attacker to modify critical parameters",
    "ai_severity": "High",
    "ai_vendor": "EFACEC",
    "ai_product": "QC 60/90/120",
    "ai_version": "8",
    "ai_score": 8.9
}

💭 Join the Security Discussion ❌ Cancel Reply