Emqx Nanomq
32 CVEs affecting Emqx Nanomq. Latest disclosed: 2026-04-20. Critical: 1, High: 19.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-59947 | Critical | 9.0 | 2025-12-15 | NanoMQ is a messaging broker/bus for IoT Edge & SDV. Versions prior to 0.24.4 have a buffer overflow case while the PUBLISH packets trigger both shared subscri… |
| CVE-2024-42655 | High | 8.8 | 2025-07-29 | An access control issue in NanoMQ v0.21.10 allows attackers to bypass security restrictions and access sensitive system topic messages using MQTT wildcard char… |
| CVE-2023-34488 | High | 7.8 | 2023-06-12 | NanoMQ 0.17.5 has a one-byte heap-based buffer over-read in the conn_handler function of mqtt_parser.c when it processes malformed messages. |
| CVE-2026-32135 | High | 7.5 | 2026-04-20 | NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Versions prior to 0.24.11 have a remotely triggerable heap buffer overflow in the `uri_pa… |
| CVE-2026-21888 | High | 7.5 | 2026-03-11 | NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. MQTT v5 Variable Byte Integer parsing out-of-bounds: get_var_integer() accepts 5-byte var… |
| CVE-2024-48077 | High | 7.5 | 2026-01-15 | NanoMQ v0.22.7 is vulnerable to Denial of Service (DoS) due to improper resource throttling. A crafted sequence of requests causes the recv-q queue to saturate… |
| CVE-2025-59946 | High | 7.5 | 2025-12-27 | NanoMQ MQTT Broker (NanoMQ) is an Edge Messaging Platform. Prior to version 0.24.2, there is a classical data racing issue about sub info list which could resu… |
| CVE-2024-42651 | High | 7.5 | 2025-07-29 | NanoMQ v0.17.9 was discovered to contain a heap use-after-free vulnerability via the component sub_Ctx_handle. This vulnerability allows attackers to cause a D… |
| CVE-2024-42650 | High | 7.5 | 2025-07-15 | NanoMQ 0.17.5 was discovered to contain a segmentation fault via the component /nanomq/pub_handler.c. This vulnerability allows attackers to cause a Denial of… |
| CVE-2024-42646 | High | 7.5 | 2025-07-14 | A segmentation fault in NanoMQ v0.21.10 allows attackers to cause a Denial of Service (DoS) via crafted messages. |
| CVE-2024-44460 | High | 7.5 | 2024-09-12 | An invalid read size in Nanomq v0.21.9 allows attackers to cause a Denial of Service (DoS). |
| CVE-2024-31041 | High | 7.5 | 2024-04-17 | Null Pointer Dereference vulnerability in topic_filtern function in mqtt_parser.c in NanoMQ 0.21.7 allows attackers to cause a denial of service. |
| CVE-2023-34494 | High | 7.5 | 2023-06-12 | NanoMQ 0.16.5 is vulnerable to heap-use-after-free in the nano_ctx_send function of nmq_mqtt.c. |
| CVE-2023-33657 | High | 7.5 | 2023-06-08 | A use-after-free vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_mqtt_msg_get_publish_property() in the f… |
| CVE-2023-33660 | High | 7.5 | 2023-06-08 | A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function copyn_str() in the file mqtt_parser.c… |
| CVE-2023-33658 | High | 7.5 | 2023-06-08 | A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_msg_get_pub_pid() in the file mess… |
| CVE-2023-33659 | High | 7.5 | 2023-06-06 | A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nmq_subinfo_decode() in the file mqtt_… |
| CVE-2023-29996 | High | 7.5 | 2023-05-04 | In NanoMQ v0.15.0-0, segment fault with Null Pointer Dereference occurs in the process of decoding subinfo_decode and unsubinfo_decode. |
| CVE-2023-29995 | High | 7.5 | 2023-05-04 | In NanoMQ v0.15.0-0, a Heap overflow occurs in copyn_utf8_str function of mqtt_parser.c |
| CVE-2023-29994 | High | 7.5 | 2023-05-04 | In NanoMQ v0.15.0-0, Heap overflow occurs in read_byte function of mqtt_code.c. |