The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to subscribe using wildcard characters (# or +) to enumerate hidden network devices or publish rogue control commands.
Exploit
CVE-2026-49186
NVD
Refer to CVE-2026-49186 NVD advisory
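The following is an added example, not part of the original advisory and not the affected product's code. It sketches the topic-level check the description says is missing: a default-deny ACL that refuses a SUBSCRIBE filter unless a rule fully covers it, and refuses a PUBLISH outside the client's own topics. The client IDs, topic names, ACL table and the function names `filter_covers` and `authorize` are assumptions made for illustration.

```python
# Added example: default-deny topic ACL check for MQTT SUBSCRIBE and PUBLISH.
# Client IDs, topics and the ACL table are constructed sample data.

def filter_covers(allowed: str, requested: str) -> bool:
    """True if every topic matched by `requested` is also matched by `allowed`.

    Both are MQTT topic filters ('+' = one level, '#' = all remaining levels);
    a concrete topic name is a filter without wildcards.
    """
    a, r = allowed.split("/"), requested.split("/")
    if "#" in r[:-1]:
        return False                  # malformed: '#' must be the last level
    if r[0].startswith("$") and a[0] in ("+", "#"):
        return False                  # leading wildcards never reach $-topics
    for i, level in enumerate(a):
        if level == "#":
            return True               # covers this level and everything below
        if i >= len(r) or r[i] == "#":
            return False              # request is shorter or wider than the rule
        if level != "+" and level != r[i]:
            return False              # literal mismatch, or '+' asked of a literal
    return len(a) == len(r)

ACL = {  # constructed policy: client id -> filters it may subscribe/publish to
    "thermostat-01": {"sub": ["home/thermostat-01/cmd/#"],
                      "pub": ["home/thermostat-01/state/+"]},
    "dashboard": {"sub": ["home/+/state/+"], "pub": []},
}

def authorize(client_id: str, action: str, topic: str) -> bool:
    """Unknown clients and unlisted topics are refused."""
    if action == "pub" and ("+" in topic or "#" in topic):
        return False                  # PUBLISH topic names carry no wildcards
    rules = ACL.get(client_id, {}).get(action, [])
    return any(filter_covers(rule, topic) for rule in rules)

if __name__ == "__main__":
    requests = [  # constructed requests: (client id, action, topic or filter)
        ("dashboard", "sub", "#"),
        ("dashboard", "sub", "home/+/state/+"),
        ("thermostat-01", "pub", "home/lock-02/cmd/open"),
        ("thermostat-01", "pub", "home/thermostat-01/state/temp"),
    ]
    for req in requests:
        print(req, "->", "allow" if authorize(*req) else "deny")
```

The subscribe path compares filter against filter rather than matching a topic name, which is what stops a broad wildcard request from passing a narrower rule.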