CVE-2026-21888 MQTT v5 Variable Byte Integer parsing out-of-bounds: get_var_integer()

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. MQTT v5 Variable Byte Integer parsing out-of-bounds: getvarinteger accepts 5-byte varints without bounds checks; reliably triggers OOB read / crash when built with ASan. This affects 0.24.6 and earlier...

NanoMQ 安全漏洞

NanoMQ is a lightweight and fast MQTT Broker for IoT edge platforms open-sourced by EMQ Technologies, USA. A security vulnerability exists in NanoMQ version 0.21.7, which stems from a buffer overflow vulnerability in the getvarinteger function in the file mqttparser.c. The vulnerability can be...