CVE-2026-22040
MEDIUMNanoMQ < 0.24.6 - Use-After-Free via High-Frequency Publish and Reconnect Traffic
Title source: llmDescription
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In version 0.24.6, by generating a combined traffic pattern of high-frequency publishes and rapid reconnect/kick-out using the same ClientID and massive subscribe/unsubscribe jitter, it is possible to reliably trigger heap memory corruption in the Broker process, causing it to exit immediately with SIGABRT due to free(): invalid pointer. As of time of publication, no known patched versions are available.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://github.com/nanomq/nanomq/security/advisories/GHSA-v57q-w88m-424r
Scores
CVSS v3
5.3
EPSS
0.0022
EPSS Percentile
12.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-416
Status
published
Products (1)
emqx/nanomq
< 0.24.6
Published
Mar 04, 2026
Tracked Since
Mar 05, 2026