Skip to main content

Nanomq EUVDEUVD-2026-17209

| CVE-2026-32696 LOW
NULL Pointer Dereference (CWE-476)
2026-03-30 GitHub_M
3.1
CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY
3.1 LOW
AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

4
Patch available
Apr 16, 2026 - 05:29 EUVD
0.24.7
EUVD ID Assigned
Mar 30, 2026 - 20:30 euvd
EUVD-2026-17209
Analysis Generated
Mar 30, 2026 - 20:30 vuln.today
CVE Published
Mar 30, 2026 - 20:11 nvd
LOW 3.1

DescriptionGitHub Advisory

NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.http_auth (HTTP authentication), when a client connects to the broker using MQTT CONNECT without providing username/password, and the configuration params uses the placeholders %u / %P (e.g., username="%u", password="%P"), the HTTP request construction phase enters auth_http.c:set_data(). This results in calling strlen() on a NULL pointer, causing a SIGSEGV crash. This crash can be triggered remotely, resulting in a denial of service. This issue has been patched in version 0.24.7.

AnalysisAI

Remote denial of service in NanoMQ MQTT Broker 0.24.6 allows unauthenticated remote attackers to crash the broker by connecting without credentials when HTTP authentication is enabled with username/password placeholders, triggering a null pointer dereference in the auth_http.c module. The vulnerability requires high attack complexity (user interaction via specific MQTT CONNECT configuration) but results in broker unavailability. Vendor-released patch version 0.24.7 addresses the issue.

Technical ContextAI

NanoMQ is an MQTT message broker used in edge computing environments. The vulnerability exists in the HTTP authentication module (auth_http.c), specifically in the set_data() function responsible for constructing HTTP authentication requests. When HTTP authentication is enabled via auth.http_auth configuration, the broker attempts to validate MQTT CONNECT messages by forwarding credentials to an external HTTP server. The vulnerability occurs when configuration parameters use string placeholders %u (username) and %P (password) but a client connects without providing credentials, leaving these values NULL. The set_data() function unsafely calls strlen() on these NULL pointers without validation, causing a SIGSEGV signal that terminates the broker process. This is a classic null pointer dereference (CWE-476) in memory safety-critical authentication code. The CPE cpe:2.3:a:nanomq:nanomq:*:*:*:*:*:*:*:* confirms the product family is affected across versions prior to the patch.

RemediationAI

Upgrade NanoMQ to version 0.24.7 or later, which includes the fix for null pointer handling in the auth_http.c module. The upstream fix is committed at https://github.com/nanomq/nanomq/commit/c20aa27e5290bb480a5315099952480d35f37a8b and integrated pull request https://github.com/nanomq/NanoNNG/pull/1394. For deployments unable to upgrade immediately, temporarily disable HTTP authentication (auth.http_auth) or avoid using %u/%P placeholders in authentication configuration parameters. Administrators should verify broker stability after upgrading and test HTTP authentication functionality with both authenticated and unauthenticated MQTT clients to confirm the crash is resolved.

More in Nanomq

View all
CVE-2023-34488 HIGH POC
7.8 Jun 12

NanoMQ 0.17.5 has a one-byte heap-based buffer over-read in the conn_handler function of mqtt_parser.c when it processes

CVE-2024-42646 HIGH POC
7.5 Jul 14

CVE-2024-42646 is a segmentation fault vulnerability in NanoMQ v0.21.10 that allows unauthenticated remote attackers to

CVE-2024-31041 HIGH POC
7.5 Apr 17

Null Pointer Dereference vulnerability in topic_filtern function in mqtt_parser.c in NanoMQ 0.21.7 allows attackers to c

CVE-2023-33657 HIGH POC
7.5 Jun 08

A use-after-free vulnerability exists in NanoMQ 0.17.2. Rated high severity (CVSS 7.5), this vulnerability is remotely e

CVE-2023-33660 HIGH POC
7.5 Jun 08

A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. Rated high severity (CVSS 7.5), this vulnerability is remo

CVE-2023-33658 HIGH POC
7.5 Jun 08

A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. Rated high severity (CVSS 7.5), this vulnerability is remo

CVE-2023-33659 HIGH POC
7.5 Jun 06

A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. Rated high severity (CVSS 7.5), this vulnerability is remo

CVE-2023-29996 HIGH POC
7.5 May 04

In NanoMQ v0.15.0-0, segment fault with Null Pointer Dereference occurs in the process of decoding subinfo_decode and un

CVE-2023-29995 HIGH POC
7.5 May 04

In NanoMQ v0.15.0-0, a Heap overflow occurs in copyn_utf8_str function of mqtt_parser.c. Rated high severity (CVSS 7.5),

CVE-2023-29994 HIGH POC
7.5 May 04

In NanoMQ v0.15.0-0, Heap overflow occurs in read_byte function of mqtt_code.c. Rated high severity (CVSS 7.5), this vul

CVE-2024-31036 MEDIUM POC
6.8 Apr 22

A heap-buffer-overflow vulnerability in the read_byte function in NanoMQ v.0.21.7 allows attackers to cause a denial of

CVE-2024-42649 MEDIUM POC
6.5 Jul 14

NanoMQ v0.22.10 was discovered to contain a memory leak which allows attackers to cause a Denial of Service (DoS) via a

Share

EUVD-2026-17209 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy