CVE-2026-34608

HIGH · EPSS 27.8%
8.2 CVSS 3.1 (High)
Published Apr 2, 2026 (2mo ago)
Last Modified Jun 17, 2026 (1w ago)

Description

NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to version 0.24.10, in NanoMQ's webhook_inproc.c, the hook_work_cb() function processes nng messages by parsing the message body with cJSON_Parse(body). The body is obtained from nng_msg_body(msg), which is a binary buffer without a guaranteed null terminator. This leads to an out-of-bounds read (OOB read) as cJSON_Parse reads until it finds a \0, potentially accessing memory beyond the allocated buffer (e.g., nng_msg metadata or adjacent heap/stack). The issue is often masked by nng's allocation padding (extra 32 bytes of zeros for non-power-of-two sizes <1024 or non-aligned). The overflow is reliably triggered when the JSON payload length is a power-of-two >=1024 (no padding added). This issue has been patched in version 0.24.10.
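The hardened pattern for the bug described above, as an added example (not NanoMQ's code and not the upstream patch): a length-delimited message body is copied and terminated before any C-string parser sees it. The function names and the 1024-byte sample body are constructed for illustration; where the cJSON version in use provides cJSON_ParseWithLength(), passing the body length to it avoids the copy.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* 1 if a NUL lies inside buf[0..len): only then does a C-string parser
 * stop before running past the end of the message body. */
int terminated_in_bounds(const void *buf, size_t len)
{
    return buf != NULL && len > 0 && memchr(buf, '\0', len) != NULL;
}

/* Hardened form: copy exactly len bytes (len as reported by the message
 * API, e.g. nng_msg_len()) and append the terminator. Caller frees. */
char *body_to_cstring(const void *body, size_t len)
{
    char *s = (body != NULL && len < SIZE_MAX) ? malloc(len + 1) : NULL;
    if (s == NULL)
        return NULL;
    memcpy(s, body, len);
    s[len] = '\0';
    return s;
}

/* Constructed sample: JSON text filling an exact-size buffer of len
 * bytes with no terminator, like a 1024-byte webhook body. */
char *make_constructed_body(size_t len)
{
    static const char head[] = "{\"k\":\"", tail[] = "\"}";
    size_t hl = sizeof head - 1, tl = sizeof tail - 1;
    char *b = (len >= hl + tl) ? malloc(len) : NULL;
    if (b == NULL)
        return NULL;
    memcpy(b, head, hl);
    memset(b + hl, 'a', len - hl - tl);
    memcpy(b + len - tl, tail, tl);
    return b;
}

int main(void)
{
    char *body = make_constructed_body(1024);
    char *text = body_to_cstring(body, 1024);
    printf("NUL inside body: %d, safe copy length: %zu\n",
           terminated_in_bounds(body, 1024), text ? strlen(text) : (size_t)0);
    free(text);
    free(body);
    return 0;
}
```

The terminated copy is what a parser that expects a C string should receive; the raw body pointer is only safe with APIs that take an explicit length.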

CVSS Details

Base Score
8.2
Exploitability
3.9
Impact
4.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
27.8% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 2

CWE-125 Out-of-bounds Read Memory Safety
CWE-457

Affected Products 1

Vendor    Product    Version    Range
emqx      nanomq     *          <0.24.10

References 3

  • https://github.com/nanomq/nanomq/commit/9499a4b2c47998a6aadb69238c18b9e6771b1691
    Patch
  • https://github.com/nanomq/nanomq/releases/tag/0.24.10
    Product, Release Notes
  • https://github.com/nanomq/nanomq/security/advisories/GHSA-8p57-jxj9-3qq3
    Exploit, Mitigation, Vendor Advisory

Remediation

  • https://github.com/nanomq/nanomq/commit/9499a4b2c47998a6aadb69238c18b9e6771b1691
    Patch