EUVD-2026-11190

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. MQTT v5 Variable Byte Integer parsing out-of-bounds: getvarinteger accepts 5-byte varints without bounds checks; reliably triggers OOB read / crash when built with ASan. This affects 0.24.6 and earlier...

CVE-2026-21888

CVE-2026-21888 affects NanoMQ (MQTT v5) where get_var_integer() in the Variable Byte Integer parser accepts 5-byte varints without bounds checks, causing an out-of-bounds read and potential crash when built with ASan. Impact is described as high severity (CVSSv3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N...

CVE-2026-21888 MQTT v5 Variable Byte Integer parsing out-of-bounds: get_var_integer()

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. MQTT v5 Variable Byte Integer parsing out-of-bounds: getvarinteger accepts 5-byte varints without bounds checks; reliably triggers OOB read / crash when built with ASan. This affects 0.24.6 and earlier...

CVE-2026-21888

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. MQTT v5 Variable Byte Integer parsing out-of-bounds: getvarinteger accepts 5-byte varints without bounds checks; reliably triggers OOB read / crash when built with ASan. This affects 0.24.6 and earlier...

PT-2026-24697

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. MQTT v5 Variable Byte Integer parsing out-of-bounds: get var integer accepts 5-byte varints without bounds checks; reliably triggers OOB read / crash when built with ASan. This affects 0.24.6 and earlier...