A vulnerability was found in LiamBindle MQTT-C up to 1.1.6 . It has been declared as problematic . Affected by this issue is the function mqtt_unpack_publish_response of the file src/mqtt.c of the component PUBLISH Handler . The manipulation results in out-of-bounds read. This vulnerability is identified as CVE-2026-54412 . The attack can be executed remotely. There is not any exploit available.