Description
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In 0.24.8 and earlier, quic_stream_recv can dereference a null substream pointer when a substream is in reopen state. The code finishes the AIO with error but does not return before locking c->mtx.
Published: 2026-05-29
Score: 2.9 Low
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

NanoMQ MQTT Broker versions 0.24.8 and earlier contain a null pointer dereference in the quic_stream_recv function. When a substream is in a reopen state, the function may dereference a null substream pointer. This flaw causes the broker to crash or become unstable, resulting in a denial of service to clients that rely on the broker for messaging. The vulnerability does not provide a direct path to remote code execution but can be exploited to disrupt broker availability.

Affected Systems

The affected product is NanoMQ, an MQTT broker designed for edge messaging. All releases up through 0.24.8 are impacted. Versions newer than 0.24.8 are not affected according to the advisory.

Risk and Exploitability

The CVSS score of 2.9 indicates low severity. EPSS is not available, and the vulnerability is not listed in the CISA KEV catalog. Attacks would likely require the ability to trigger a substream reopen state, possibly through crafted MQTT traffic over the QUIC protocol. The impact is confined to a crash or service interruption, and exploitation would be easier in environments where the broker is accessible to uncontrolled clients.

Generated by OpenCVE AI on May 29, 2026 at 21:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Patch NanoMQ to a release that fixes the null pointer dereference (CWE‑476).
  • If upgrading is not immediately possible, configure the broker to disable QUIC connections or otherwise prevent clients from using the QUIC protocol until the upgrade can be applied.
  • Implement a monitoring and restart mechanism to automatically recover the broker after a crash, ensuring minimal downtime.

Generated by OpenCVE AI on May 29, 2026 at 21:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 29 May 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Nanomq
Nanomq nanomq
Vendors & Products Nanomq
Nanomq nanomq

Fri, 29 May 2026 20:15:00 +0000

Type Values Removed Values Added
Description NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In 0.24.8 and earlier, quic_stream_recv can dereference a null substream pointer when a substream is in reopen state. The code finishes the AIO with error but does not return before locking c->mtx.
Title NanoMQ: NULL Pointer Dereference
Weaknesses CWE-476
References
Metrics cvssV4_0

{'score': 2.9, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Nanomq Nanomq
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-29T19:30:37.712Z

Reserved: 2026-05-08T20:44:38.964Z

Link: CVE-2026-45151

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2026-05-29T20:16:25.700

Modified: 2026-05-29T20:21:38.773

Link: CVE-2026-45151

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-29T22:00:09Z

Weaknesses