Emqx Nanomq

32 CVEs affecting Emqx Nanomq. Latest disclosed: 2026-04-20. Critical: 1, High: 19.

Top CVEs affecting Emqx Nanomq
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-59947 | Critical | 9.0 | 2025-12-15 | NanoMQ is a messaging broker/bus for IoT Edge & SDV. Versions prior to 0.24.4 have a buffer overflow case while the PUBLISH packets trigger both shared subscri… |
| CVE-2024-42655 | High | 8.8 | 2025-07-29 | An access control issue in NanoMQ v0.21.10 allows attackers to bypass security restrictions and access sensitive system topic messages using MQTT wildcard char… |
| CVE-2023-34488 | High | 7.8 | 2023-06-12 | NanoMQ 0.17.5 has a one-byte heap-based buffer over-read in the conn_handler function of mqtt_parser.c when it processes malformed messages. |
| CVE-2026-32135 | High | 7.5 | 2026-04-20 | NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Versions prior to 0.24.11 have a remotely triggerable heap buffer overflow in the `uri_pa… |
| CVE-2026-21888 | High | 7.5 | 2026-03-11 | NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. MQTT v5 Variable Byte Integer parsing out-of-bounds: get_var_integer() accepts 5-byte var… |
| CVE-2024-48077 | High | 7.5 | 2026-01-15 | NanoMQ v0.22.7 is vulnerable to Denial of Service (DoS) due to improper resource throttling. A crafted sequence of requests causes the recv-q queue to saturate… |
| CVE-2025-59946 | High | 7.5 | 2025-12-27 | NanoMQ MQTT Broker (NanoMQ) is an Edge Messaging Platform. Prior to version 0.24.2, there is a classical data racing issue about sub info list which could resu… |
| CVE-2024-42651 | High | 7.5 | 2025-07-29 | NanoMQ v0.17.9 was discovered to contain a heap use-after-free vulnerability via the component sub_Ctx_handle. This vulnerability allows attackers to cause a D… |
| CVE-2024-42650 | High | 7.5 | 2025-07-15 | NanoMQ 0.17.5 was discovered to contain a segmentation fault via the component /nanomq/pub_handler.c. This vulnerability allows attackers to cause a Denial of… |
| CVE-2024-42646 | High | 7.5 | 2025-07-14 | A segmentation fault in NanoMQ v0.21.10 allows attackers to cause a Denial of Service (DoS) via crafted messages. |
| CVE-2024-44460 | High | 7.5 | 2024-09-12 | An invalid read size in Nanomq v0.21.9 allows attackers to cause a Denial of Service (DoS). |
| CVE-2024-31041 | High | 7.5 | 2024-04-17 | Null Pointer Dereference vulnerability in topic_filtern function in mqtt_parser.c in NanoMQ 0.21.7 allows attackers to cause a denial of service. |
| CVE-2023-34494 | High | 7.5 | 2023-06-12 | NanoMQ 0.16.5 is vulnerable to heap-use-after-free in the nano_ctx_send function of nmq_mqtt.c. |
| CVE-2023-33657 | High | 7.5 | 2023-06-08 | A use-after-free vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_mqtt_msg_get_publish_property() in the f… |
| CVE-2023-33660 | High | 7.5 | 2023-06-08 | A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function copyn_str() in the file mqtt_parser.c… |
| CVE-2023-33658 | High | 7.5 | 2023-06-08 | A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_msg_get_pub_pid() in the file mess… |
| CVE-2023-33659 | High | 7.5 | 2023-06-06 | A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nmq_subinfo_decode() in the file mqtt_… |
| CVE-2023-29996 | High | 7.5 | 2023-05-04 | In NanoMQ v0.15.0-0, segment fault with Null Pointer Dereference occurs in the process of decoding subinfo_decode and unsubinfo_decode. |
| CVE-2023-29995 | High | 7.5 | 2023-05-04 | In NanoMQ v0.15.0-0, a Heap overflow occurs in copyn_utf8_str function of mqtt_parser.c |
| CVE-2023-29994 | High | 7.5 | 2023-05-04 | In NanoMQ v0.15.0-0, Heap overflow occurs in read_byte function of mqtt_code.c. |