NanoMQ MQTT Broker Crashes with Malicious Traffic
CVE-2026-22040
Summary
NanoMQ MQTT Broker versions 0.24.6 and earlier can crash and exit unexpectedly when faced with a specific, malicious traffic pattern. This can cause downtime and data loss. Until a patch is available, consider avoiding use of version 0.24.6 or configuring your system to restart the service if it crashes.
Original description
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In version 0.24.6, by generating a combined traffic pattern of high-frequency publishes and rapid reconnect/kick-out using the same ClientID and massive subscribe/unsubscribe jitter, it is possible to reliably trigger heap memory corruption in the Broker process, causing it to exit immediately with SIGABRT due to free(): invalid pointer. As of time of publication, no known patched versions are available.
NVD CVSS 3.1
5.3
Vulnerability type
CWE-416
Use After Free
Published: 4 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026