CVE-2026-25627

Published: Mar 30, 2026Modified: Apr 2, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to version 0.24.8, NanoMQ’s MQTT-over-WebSocket transport can be crashed by sending an MQTT packet with a deliberately large Remaining Length in the fixed header while providing a much shorter actual payload. The code path copies Remaining Length bytes without verifying that the current receive buffer contains that many bytes, resulting in an out-of-bounds read (ASAN reports OOB / crash). This is remotely triggerable over the WebSocket listener. This issue has been patched in version 0.24.8.

Affected (1)

Products: Emqx: Nanomq

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Emqx Nanomq	Before 0.24.8

Related CWEs

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (5)

https://github.com/nanomq/NanoNNG/commit/e80b30bad6d855593a68d18f2785bfaca6faf09e

Source: security-advisories@github.com

Patch

https://github.com/nanomq/NanoNNG/pull/1405

Source: security-advisories@github.com

Issue TrackingPatch

https://github.com/nanomq/nanomq/releases/tag/0.24.8

Source: security-advisories@github.com

Release Notes

https://github.com/nanomq/nanomq/security/advisories/GHSA-w4rh-v3h2-j29x

Source: security-advisories@github.com

ExploitVendor Advisory

https://github.com/nanomq/nanomq/security/advisories/GHSA-w4rh-v3h2-j29x

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitVendor Advisory

Timeline

No history available yet.