Product
emqx nanomq
32 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2026-32135
< 0.24.11
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Versions prior to 0.24.11 have a remotely triggerable heap b
7.5
HIGH
CVE-2026-34608
< 0.24.10
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to version 0.24.10, in NanoMQ's webhook_inproc.c, the
4.9
MEDIUM
CVE-2026-32696
< 0.24.7
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.http_auth (HTT
3.1
LOW
CVE-2026-25627
< 0.24.8
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to version 0.24.8, NanoMQ’s MQTT-over-WebSocket tran
6.5
MEDIUM
CVE-2026-21888
<= 0.24.6
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. MQTT v5 Variable Byte Integer parsing out-of-bounds: get_var
7.5
HIGH
CVE-2026-22040
< 0.24.6
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In version 0.24.6, by generating a combined traffic pattern
5.3
MEDIUM
CVE-2025-68699
all versions
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In version 0.24.6, NanoMQ has a protocol parsing / forwardin
6.5
MEDIUM
CVE-2024-48077
all versions
NanoMQ v0.22.7 is vulnerable to Denial of Service (DoS) due to improper resource throttling. A crafted sequence of requests causes
7.5
HIGH
CVE-2025-66023
< 0.24.5
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Versions prior to 0.24.5 have a Heap-Use-After-Free (UAF) vu
4.9
MEDIUM
CVE-2025-59946
< 0.24.4
NanoMQ MQTT Broker (NanoMQ) is an Edge Messaging Platform. Prior to version 0.24.2, there is a classical data racing issue about s
7.5
HIGH
CVE-2025-59947
< 0.24.4
NanoMQ is a messaging broker/bus for IoT Edge & SDV. Versions prior to 0.24.4 have a buffer overflow case while the PUBLISH packet
9.0
CRITICAL
CVE-2024-42655
all versions
An access control issue in NanoMQ v0.21.10 allows attackers to bypass security restrictions and access sensitive system topic mess
8.8
HIGH
CVE-2024-42651
all versions
NanoMQ v0.17.9 was discovered to contain a heap use-after-free vulnerability via the component sub_Ctx_handle. This vulnerability
7.5
HIGH
CVE-2024-42650
all versions
NanoMQ 0.17.5 was discovered to contain a segmentation fault via the component /nanomq/pub_handler.c. This vulnerability allows at
7.5
HIGH
CVE-2024-42649
all versions
NanoMQ v0.22.10 was discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via a crafted PU
6.5
MEDIUM
CVE-2024-42648
all versions
NanoMQ v0.22.10 was discovered to contain a heap overflow which allows attackers to cause a Denial of Service (DoS) via a crafted
6.5
MEDIUM
CVE-2024-42646
all versions
A segmentation fault in NanoMQ v0.21.10 allows attackers to cause a Denial of Service (DoS) via crafted messages.
7.5
HIGH
CVE-2024-44460
all versions
An invalid read size in Nanomq v0.21.9 allows attackers to cause a Denial of Service (DoS).
7.5
HIGH
CVE-2024-31036
all versions
A heap-buffer-overflow vulnerability in the read_byte function in NanoMQ v.0.21.7 allows attackers to cause a denial of service vi
6.8
MEDIUM
CVE-2024-31041
all versions
Null Pointer Dereference vulnerability in topic_filtern function in mqtt_parser.c in NanoMQ 0.21.7 allows attackers to cause a den
7.5
HIGH
CVE-2024-31040
all versions
Buffer Overflow vulnerability in the get_var_integer function in mqtt_parser.c in NanoMQ 0.21.7 allows remote attackers to cause a
2.7
LOW
CVE-2024-25767
all versions
nanomq 0.21.2 contains a Use-After-Free vulnerability in /nanomq/nng/src/core/socket.c.
6.5
MEDIUM
CVE-2023-34494
all versions
NanoMQ 0.16.5 is vulnerable to heap-use-after-free in the nano_ctx_send function of nmq_mqtt.c.
7.5
HIGH
CVE-2023-34488
all versions
NanoMQ 0.17.5 has a one-byte heap-based buffer over-read in the conn_handler function of mqtt_parser.c when it processes malformed
7.8
HIGH
CVE-2023-33657
all versions
A use-after-free vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_mqtt_msg_ge
7.5
HIGH
CVE-2023-33660
all versions
A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function copyn_str
7.5
HIGH
CVE-2023-33658
all versions
A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nni_msg_g
7.5
HIGH
CVE-2023-33659
all versions
A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. The vulnerability can be triggered by calling the function nmq_subin
7.5
HIGH
CVE-2023-33656
all versions
A memory leak vulnerability exists in NanoMQ 0.17.2. The vulnerability is located in the file message.c. An attacker could exploit
5.5
MEDIUM
CVE-2023-29996
all versions
In NanoMQ v0.15.0-0, segment fault with Null Pointer Dereference occurs in the process of decoding subinfo_decode and unsubinfo_de
7.5
HIGH
CVE-2023-29995
all versions
In NanoMQ v0.15.0-0, a Heap overflow occurs in copyn_utf8_str function of mqtt_parser.c
7.5
HIGH
CVE-2023-29994
all versions
In NanoMQ v0.15.0-0, Heap overflow occurs in read_byte function of mqtt_code.c.
7.5
HIGH
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin