34 matches found
CVE-2026-45151
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In 0.24.8 and earlier, quicstreamrecv can dereference a null substream pointer when a substream is in reopen state. The code finishes the AIO with error but does not return before locking c-mtx...
EUVD-2026-33429
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In 0.24.8 and earlier, quicstreamrecv can dereference a null substream pointer when a substream is in reopen state. The code finishes the AIO with error but does not return before locking c-mtx...
CVE-2026-44640
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. Prior to 0.24.14, aio-provdata is stored as nniquicconn during dialing, but read as exquicconn during dialer close. This type confusion causes invalid object interpretation and leads to close-path hang/crash behavior. This...
NanoMQ 安全漏洞
NanoMQ is an open-source IoT edge platform broker developed by EMQ in the United States. Versions of NanoMQ prior to 0.24.14 contained a security vulnerability. This vulnerability stemmed from the fact that data stored as “nniquicconn” during dialing was read as “exquicconn” when the dialer was...
NanoMQ 代码问题漏洞
NanoMQ is an open-source IoT edge platform broker developed by EMQ in the United States. Versions of NanoMQ prior to 0.24.8 have code vulnerabilities. These vulnerabilities stem from the quicstreamrecv function, which cancels references to empty substream pointers when the substream is reopened,...
EUVD-2026-30965
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In versions 0.24.10 and below, when NanoMQ handles high-concurrency reconnect traffic using a reconnect-collision payload, the broker can crash due to a NULL pointer dereference during MQTT session resumption for cleanstart=0...
CVE-2026-32134 NanoMQ: NULL Pointer Dereference Crash in tcptran_pipe_peer During Session Restore
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In versions 0.24.10 and below, when NanoMQ handles high-concurrency reconnect traffic using a reconnect-collision payload, the broker can crash due to a NULL pointer dereference during MQTT session resumption for cleanstart=0...
CVE-2026-32135
NanoMQ (MQTT broker) is affected in versions prior to 0.24.11 by a remotely triggerable heap buffer overflow in the uri_param_parse function of the REST API due to an off-by-one error when allocating memory for query parameter keys/values. An attacker can trigger this via a crafted HTTP request, ...
CVE-2026-32135 NanoMQ has Heap Buffer Overflow in URI Parameter Parsing
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. Versions prior to 0.24.11 have a remotely triggerable heap buffer overflow in the uriparamparse function of NanoMQ's REST API. The vulnerability occurs due to an off-by-one error when allocating memory for query parameter keys an...
CVE-2026-34608
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. Prior to version 0.24.10, in NanoMQ's webhookinproc.c, the hookworkcb function processes nng messages by parsing the message body with cJSONParsebody. The body is obtained from nngmsgbodymsg, which is a binary buffer without a...
EUVD-2026-18464
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. Prior to version 0.24.10, in NanoMQ's webhookinproc.c, the hookworkcb function processes nng messages by parsing the message body with cJSONParsebody. The body is obtained from nngmsgbodymsg, which is a binary buffer without a...
CVE-2026-34608
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. Prior to version 0.24.10, in NanoMQ's webhookinproc.c, the hookworkcb function processes nng messages by parsing the message body with cJSONParsebody. The body is obtained from nngmsgbodymsg, which is a binary buffer without a...
PT-2026-29862
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. Prior to version 0.24.10, in NanoMQ's webhook inproc.c, the hook work cb function processes nng messages by parsing the message body with cJSON Parsebody. The body is obtained from nng msg bodymsg, which is a binary buffer withou...
CVE-2026-32696 NanoMQ HTTP Auth: Missing username/password can trigger a NULL-pointer strlen() in auth_http.c:set_data(), causing a process crash — SIGSEGV, remotely triggerable
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.httpauth HTTP authentication, when a client connects to the broker using MQTT CONNECT without providing username/password, and the configuration params uses the placeholders %u / %P...
CVE-2026-21888 MQTT v5 Variable Byte Integer parsing out-of-bounds: get_var_integer()
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. MQTT v5 Variable Byte Integer parsing out-of-bounds: getvarinteger accepts 5-byte varints without bounds checks; reliably triggers OOB read / crash when built with ASan. This affects 0.24.6 and earlier...
CVE-2026-21888 MQTT v5 Variable Byte Integer parsing out-of-bounds: get_var_integer()
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. MQTT v5 Variable Byte Integer parsing out-of-bounds: getvarinteger accepts 5-byte varints without bounds checks; reliably triggers OOB read / crash when built with ASan. This affects 0.24.6 and earlier...
CVE-2026-22040
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In version 0.24.6, by generating a combined traffic pattern of high-frequency publishes and rapid reconnect/kick-out using the same ClientID and massive subscribe/unsubscribe jitter, it is possible to reliably trigger heap memory...
CVE-2026-22040 NanoMQ 0.24.6 Use-After-Free Leading to Heap Corruption and Broker Crash
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In version 0.24.6, by generating a combined traffic pattern of high-frequency publishes and rapid reconnect/kick-out using the same ClientID and massive subscribe/unsubscribe jitter, it is possible to reliably trigger heap memory...
CVE-2026-22040 NanoMQ 0.24.6 Use-After-Free Leading to Heap Corruption and Broker Crash
NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In version 0.24.6, by generating a combined traffic pattern of high-frequency publishes and rapid reconnect/kick-out using the same ClientID and massive subscribe/unsubscribe jitter, it is possible to reliably trigger heap memory...
CVE-2026-22040
The vulnerability CVE-2026-22040 affects NanoMQ (NanoMQ) Broker version 0.24.6. A crafted traffic pattern—high-frequency publishes with rapid reconnect/kick-out using the same ClientID and massive subscribe/unsubscribe jitter—can reliably trigger a heap memory corruption in the Broker process, ca...