Description
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. MQTT v5 Variable Byte Integer parsing out-of-bounds: get_var_integer() accepts 5-byte varints without bounds checks; reliably triggers OOB read / crash when built with ASan. This affects 0.24.6 and earlier.
Published: 2026-03-11
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service (Out-of-Bounds Read)
Action: Immediate Patch
AI Analysis

Impact

NanoMQ MQTT Broker contains a flaw in the MQTT v5 Variable Byte Integer parsing routine get_var_integer(). The routine accepts up to five-byte varints without bounds checks, causing an out‑of‑bounds read when a malformed payload is processed. The vulnerability leads to an application crash (identified when built with Address Sanitizer). This results in a denial of service that can interrupt broker availability.

Affected Systems

The affected vendor is nanomq, product NanoMQ MQTT Broker. All releases up to and including version 0.24.6 are vulnerable. Users should ensure they run a version newer than 0.24.6.

Risk and Exploitability

CVSS score is 7.5, indicating moderate to high severity. EPSS score is under 1%, showing low immediate exploit probability. The vulnerability is not listed in the CISA KEV catalog. The flaw can be triggered via malicious MQTT v5 traffic containing an oversized variable byte integer, implying a remote exploitation path and the primary risk being service disruption.

Generated by OpenCVE AI on March 17, 2026 at 20:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade NanoMQ to any release newer than 0.24.6.

Generated by OpenCVE AI on March 17, 2026 at 20:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 17 Mar 2026 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Emqx
Emqx nanomq
CPEs cpe:2.3:a:emqx:nanomq:*:*:*:*:*:*:*:*
Vendors & Products Emqx
Emqx nanomq

Thu, 12 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Nanomq
Nanomq nanomq
Vendors & Products Nanomq
Nanomq nanomq

Wed, 11 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 11 Mar 2026 15:30:00 +0000

Type Values Removed Values Added
Description NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. MQTT v5 Variable Byte Integer parsing out-of-bounds: get_var_integer() accepts 5-byte varints without bounds checks; reliably triggers OOB read / crash when built with ASan. This affects 0.24.6 and earlier.
Title MQTT v5 Variable Byte Integer parsing out-of-bounds: get_var_integer()
Weaknesses CWE-125
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Subscriptions

Emqx Nanomq
Nanomq Nanomq
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-11T15:35:36.678Z

Reserved: 2026-01-05T17:24:36.929Z

Link: CVE-2026-21888

cve-icon Vulnrichment

Updated: 2026-03-11T15:35:27.865Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-11T16:16:23.930

Modified: 2026-03-17T19:20:17.350

Link: CVE-2026-21888

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T09:55:32Z

Weaknesses