PT-2026-38399

Name of the Vulnerable Software and Affected Versions Netty affected versions not specified Description Resource exhaustion occurs because the MQTT 5 header Properties section is parsed and buffered before any message size limit is applied. In the MqttDecoder class, the decodeVariableHeader...

CVE-2025-65953 NanoMQ UAF of retain message due to invalid MQTTV5 properties

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. Prior to version 0.22.5, a Heap-Use-After-Free UAF vulnerability exists in the TCP transport component of NanoMQ, which relies on the underlying NanoNNG library specifically in src/sp/transport/mqtt/brokertcp.c. The vulnerability...