NULL pointer dereference in Nanomq
CVE-2026-45151
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In 0.24.8 and earlier, quic_stream_recv can dereference a null substream pointer when a substream is in reopen state. The code finishes the AIO with error but does not r…
EPSS: 0.001 (18.3th percentile) — read the EPSS interpretation.
Affected products
- Nanomq — versions <= 0.24.8
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)