CVE-2026-44640
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. Prior to 0.24.14, aio-provdata is stored as nniquicconn during dialing, but read as exquicconn during dialer close. This type confusion causes invalid object interpretation and leads to close-path hang/crash behavior. This...
PT-2026-44985
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. Prior to 0.24.14, aio-prov data is stored as nni quic conn during dialing, but read as ex quic conn during dialer close. This type confusion causes invalid object interpretation and leads to close-path hang/crash behavior. This...
CVE-2026-32696
NanoMQ MQTT Broker: NanoMQ is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.httpauth HTTP authentication, when a client connects to the broker using MQTT CONNECT without providing username/password, and the configuration params use the placeholders %u / %P...
CVE-2024-48077
NanoMQ v0.22.7 is vulnerable to Denial of Service (DoS) due to improper resource throttling. A crafted sequence of requests causes the recv-q queue to saturate, leading to the rapid exhaustion of system file descriptors (FDs). This exhaustion triggers a process crash, rendering the broker unable to...
CVE-2025-59947 NanoMQ has Buffer Overflow
NanoMQ is a messaging broker/bus for IoT Edge & SDV. Versions prior to 0.24.4 have a buffer overflow when PUBLISH packets trigger both a shared subscription and a vanilla subscription. This is fixed in version 0.24.4. As a workaround, disable shared subscription...
PT-2025-51314
Name of the Vulnerable Software and Affected Versions: NanoMQ versions prior to 0.24.4 Description: NanoMQ is a messaging broker/bus designed for IoT Edge and SDV environments. A buffer overflow can occur when processing PUBLISH packets that trigger both shared and standard subscriptions. This issu...
NanoMQ Resource Management Error Vulnerability
NanoMQ is a lightweight and fast MQTT Broker for IoT edge platforms open-sourced by EMQ USA. A resource management error vulnerability exists in NanoMQ versions prior to 0.22.5, which stems from a use-after-free in the TCP transport component that could lead to memory corruption...
EUVD-2023-37814
Malicious code in bioql PyPI...
EUVD-2024-54784
Malicious code in bioql PyPI...
EUVD-2023-38545
Malicious code in bioql PyPI...
EUVD-2023-38551
Malicious code in bioql PyPI...
EUVD-2024-54787
Malicious code in bioql PyPI...
EUVD-2023-37816
Malicious code in bioql PyPI...
EUVD-2024-54836
Malicious code in bioql PyPI...
CVE-2024-42651
NanoMQ v0.17.9 was discovered to contain a heap use-after-free vulnerability via the component subCtxhandle. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SUBSCRIBE message...
CVE-2024-42655
CVE-2024-42655 affects NanoMQ v0.21.10 and describes an access control issue that allows bypassing security restrictions to access sensitive system topic messages via MQTT wildcard characters. The available connected sources specify the affected software and the root cause as improper access cont...
NanoMQ Security Vulnerability
NanoMQ is a lightweight and fast MQTT Broker for IoT edge platforms open-sourced by EMQ USA. A security vulnerability exists in NanoMQ version 0.17.9, which stems from a heap use-after-free in the subCtxhandle component, which could lead to a denial of service attack...
CVE-2024-42655
An access control issue in NanoMQ v0.21.10 allows attackers to bypass security restrictions and access sensitive system topic messages using MQTT wildcard characters...
CVE-2024-42651
CVE-2024-42651 affects NanoMQ v0.17.9 with a heap use-after-free in the sub_Ctx_handle component that can cause a Denial of Service when processing a crafted SUBSCRIBE message. Root cause is use-after-free in heap management. The available documents do not provide a confirmed fix or patched versi...
PT-2025-31247 · Nanomq · Nanomq
Name of the Vulnerable Software and Affected Versions: NanoMQ version 0.21.10 Description: An access control issue in NanoMQ version 0.21.10 allows attackers to bypass security restrictions and access sensitive system topic messages using MQTT wildcard characters. Recommendations: At the moment,...