Emqx

Nanomq

26 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2025-68699

Exploit
  • EPSS 0.06%
  • Veröffentlicht 04.02.2026 19:25:12
  • Zuletzt bearbeitet 20.02.2026 21:20:09

NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In version 0.24.6, NanoMQ has a protocol parsing / forwarding inconsistency when handling shared subscriptions ($share/). A malformed SUBSCRIBE topic such as $share/ab (missing the...

7.5

CVE-2024-48077

  • EPSS 0.02%
  • Veröffentlicht 15.01.2026 00:00:00
  • Zuletzt bearbeitet 23.01.2026 19:06:10

An issue in nanomq v0.22.7 allows attackers to cause a Denial of Service (DoS) via a crafted request. The number of data packets received in the recv-q queue of the Nanomq process continues to increase, causing the nanomq broker to fall into a deadlo...

4.9

CVE-2025-66023

  • EPSS 0.05%
  • Veröffentlicht 01.01.2026 15:15:41
  • Zuletzt bearbeitet 18.02.2026 16:34:58

NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Versions prior to 0.24.5 have a Heap-Use-After-Free (UAF) vulnerability within the MQTT bridge client component (implemented via the underlying NanoNNG library). The vulnerability ...

7.5

CVE-2025-59946

Exploit
  • EPSS 0.05%
  • Veröffentlicht 27.12.2025 01:15:41
  • Zuletzt bearbeitet 30.01.2026 21:14:23

NanoMQ MQTT Broker (NanoMQ) is an Edge Messaging Platform. Prior to version 0.24.2, there is a classical data racing issue about sub info list which could result in heap use after free crash. This issue has been patched in version 0.24.2.

9

CVE-2025-59947

  • EPSS 0.05%
  • Veröffentlicht 15.12.2025 20:19:17
  • Zuletzt bearbeitet 30.01.2026 21:14:03

NanoMQ is a messaging broker/bus for IoT Edge & SDV. Versions prior to 0.24.4 have a buffer overflow case while the PUBLISH packets trigger both shared subscription and vanila subscription. This is fixed in version 0.24.4. As a workaround, disable sh...

8.8

CVE-2024-42655

Exploit
  • EPSS 0.06%
  • Veröffentlicht 29.07.2025 00:00:00
  • Zuletzt bearbeitet 06.08.2025 17:46:27

An access control issue in NanoMQ v0.21.10 allows attackers to bypass security restrictions and access sensitive system topic messages using MQTT wildcard characters.

7.5

CVE-2024-42651

Exploit
  • EPSS 0.14%
  • Veröffentlicht 29.07.2025 00:00:00
  • Zuletzt bearbeitet 06.08.2025 16:40:47

NanoMQ v0.17.9 was discovered to contain a heap use-after-free vulnerability via the component sub_Ctx_handle. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SUBSCRIBE message.

7.5

CVE-2024-42650

Exploit
  • EPSS 0.14%
  • Veröffentlicht 15.07.2025 00:00:00
  • Zuletzt bearbeitet 17.07.2025 17:53:31

NanoMQ 0.17.5 was discovered to contain a segmentation fault via the component /nanomq/pub_handler.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PUBLISH message.

6.5

CVE-2024-42648

Exploit
  • EPSS 0.07%
  • Veröffentlicht 14.07.2025 00:00:00
  • Zuletzt bearbeitet 16.07.2025 19:15:25

NanoMQ v0.22.10 was discovered to contain a heap overflow which allows attackers to cause a Denial of Service (DoS) via a crafted CONNECT message.

6.5

CVE-2024-42649

Exploit
  • EPSS 0.09%
  • Veröffentlicht 14.07.2025 00:00:00
  • Zuletzt bearbeitet 16.07.2025 18:15:23

NanoMQ v0.22.10 was discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via a crafted PUBLISH message.