Message Queuing Telemetry Transport (MQTT) has emerged as a promising communication protocol for Internet of Things (IoT) ecosystems, enabling lightweight, scalable publish-subscribe messaging across resource-constrained devices. As MQTT adoption accelerates across critical domains from smart cities to industrial automation, ensuring protocol security through rigorous testing has become crucial. This paper presents a comprehensive comparative analysis of MQTT fuzzing methodologies, systematically examining 24 research works published between 2018 and 2025 to evaluate their approaches, techniques, and effectiveness in vulnerability discovery. Our evaluation reveals significant evolution in MQTT fuzzing research, from early mutation-based approaches to sophisticated AI-driven methodologies and collaborative fuzzing techniques. The analysis identifies critical gaps in current research, including limited support for new features, insufficient attention to real-world deployment scenarios, and inadequate exploration of cross-broker compatibility testing. We provide a taxonomy of fuzzing paradigms, normalize published results into a reporting framework, and offer recommendations for future research directions. Our findings demonstrate that while significant progress has been made in MQTT fuzzing methodologies, substantial opportunities remain for advancing protocol security testing through integrated approaches that address MQTT’s unique architectural and operational characteristics.
