CVE-2026-21888

NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. MQTT v5 Variable Byte Integer parsing out-of-bounds: get_var_integer() accepts 5-byte varints without bounds checks; reliably triggers OOB read / crash when built with ASan. This affects 0.24.6 and earlier.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/nanomq/nanomq/issues/2192	Issue Tracking
https://github.com/nanomq/nanomq/security/advisories/GHSA-cggc-6m7w-j7x5	Exploit Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:emqx:nanomq:*:*:*:*:*:*:*:*

History

17 Mar 2026, 19:20

Type	Values Removed	Values Added
Summary		(es) NanoMQ MQTT Broker (NanoMQ) es una Plataforma de Mensajería de Borde integral. Análisis de enteros de bytes variables de MQTT v5 fuera de límites: get_var_integer() acepta varints de 5 bytes sin comprobaciones de límites; desencadena de forma fiable una lectura fuera de límites / caída cuando se compila con ASan. Esto afecta a la versión 0.24.6 y anteriores.
CPE		cpe:2.3:a:emqx:nanomq::::::::
First Time		Emqx Emqx nanomq
References	~~() https://github.com/nanomq/nanomq/issues/2192 -~~	() https://github.com/nanomq/nanomq/issues/2192 - Issue Tracking
References	~~() https://github.com/nanomq/nanomq/security/advisories/GHSA-cggc-6m7w-j7x5 -~~	() https://github.com/nanomq/nanomq/security/advisories/GHSA-cggc-6m7w-j7x5 - Exploit, Vendor Advisory

11 Mar 2026, 16:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-11 16:16

Updated : 2026-03-17 19:20

NVD link : CVE-2026-21888

Mitre link : CVE-2026-21888

CVE.ORG link : CVE-2026-21888

JSON object : View

Products Affected

emqx

nanomq

CWE

CWE-125

Out-of-bounds Read

7.5 /10