๐Ÿ” CVE Alert

CVE-2026-32135

UNKNOWN 0.0

NanoMQ has Heap Buffer Overflow in URI Parameter Parsing

CVSS Score: 0.0
EPSS Score: 0.0%
EPSS Percentile: 0th

NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Versions prior to 0.24.11 have a remotely triggerable heap buffer overflow in the `uri_param_parse` function of NanoMQ's REST API. The vulnerability occurs due to an off-by-one error when allocating memory for query parameter keys and values, allowing an attacker to write a null byte beyond the allocated buffer. This can be triggered via a crafted HTTP request. Version 0.24.11 patches the issue.
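The bug class described above, shown as an added example that is not NanoMQ's code: a small query-string splitter whose copy helper reserves the extra byte for the terminator. The type `kv_pair`, the functions `dup_span`, `parse_query` and `free_pairs`, and the sample input are all hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical types and names for illustration; not NanoMQ's uri_param_parse. */
typedef struct { char *key; char *value; } kv_pair;

/* Copy n bytes of src into a new NUL-terminated heap string.
 * Allocating only n bytes here is the kind of off-by-one the advisory
 * describes: the dst[n] = '\0' store would land one byte past the buffer. */
static char *dup_span(const char *src, size_t n) {
    char *dst = malloc(n + 1);            /* +1 reserves room for the terminator */
    if (dst == NULL) return NULL;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return dst;
}

void free_pairs(kv_pair *p, int n) {
    for (int i = 0; i < n; i++) { free(p[i].key); free(p[i].value); }
}

/* Split "k1=v1&k2=v2" into at most max pairs. Returns the pair count, or -1
 * on allocation failure. A key without '=' gets an empty value. */
int parse_query(const char *q, kv_pair *out, int max) {
    int count = 0;
    while (*q != '\0' && count < max) {
        size_t seg = strcspn(q, "&");                 /* length of this pair */
        if (seg == 0) { q++; continue; }              /* skip a bare '&' */
        const char *eq = memchr(q, '=', seg);
        size_t klen = eq ? (size_t)(eq - q) : seg;
        size_t vlen = eq ? seg - klen - 1 : 0;
        out[count].key = dup_span(q, klen);
        out[count].value = dup_span(q + seg - vlen, vlen);
        if (!out[count].key || !out[count].value) {
            free_pairs(out, count + 1);               /* free(NULL) is a no-op */
            return -1;
        }
        count++;
        q += seg;
    }
    return count;
}

int main(void) {
    kv_pair p[4];
    int n = parse_query("topic=a/b&qos=1&flag", p, 4); /* constructed input */
    for (int i = 0; i < n; i++) printf("%s -> \"%s\"\n", p[i].key, p[i].value);
    free_pairs(p, n);
    return n == 3 ? 0 : 1;
}
```

Building a parser like this with `-fsanitize=address` makes a one-byte terminator write past an undersized buffer fail immediately in tests instead of silently corrupting heap metadata.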

CWE: CWE-122
Vendor: nanomq
Product: nanomq
Published: Apr 20, 2026

Affected Versions

nanomq / nanomq
< 0.24.11

References

github.com: https://github.com/nanomq/nanomq/security/advisories/GHSA-6w96-9qw7-m599
github.com: https://github.com/nanomq/nanomq/issues/2247
github.com: https://github.com/nanomq/nanomq/commit/69a97b3b39cc218f044f1c8896f4d3d8757bb394