Vulnerability in Nanomq
CVE-2026-44640
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to 0.24.14, aio->prov_data is stored as nni_quic_conn* during dialing, but read as ex_quic_conn* during dialer close. This type confusion causes invalid object int…
EPSS: 0.000 (2.6th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 4.5 (Medium). Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L.
Affected products
- Nanomq — versions < 0.24.14
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_MISC)
- security-advisories@github.com (x_refsource_CONFIRM)
Frequently asked questions
- What is CVE-2026-44640?
- CVE-2026-44640 is a medium-severity vulnerability in Nanomq, classified under Access of Resource Using Incompatible Type (Type Confusion). CVSS score: 4.5/10. Published 2026-05-29.
- How severe is CVE-2026-44640?
- Medium severity. CVSS v3 base score is 4.5 out of 10.