Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.5
NanoMQ MQTT Broker May Crash Due to Out-of-Bounds Integer Parsing
CVE-2026-21888
Summary
NanoMQ's MQTT v5 parsing code has a flaw that can cause it to crash when processing certain data. This affects versions 0.24.6 and earlier. To fix, update to a patched version of NanoMQ.
Original title
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. MQTT v5 Variable Byte Integer parsing out-of-bounds: get_var_integer() accepts 5-byte varints without bounds checks; reliably t...
Original description
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. MQTT v5 Variable Byte Integer parsing out-of-bounds: get_var_integer() accepts 5-byte varints without bounds checks; reliably triggers OOB read / crash when built with ASan. This affects 0.24.6 and earlier.
nvd CVSS3.1
7.5
Vulnerability type
CWE-125
Out-of-bounds Read
Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026