nanomq — Vulnerabilities & Security Advisories 11

Browse all 11 CVE security advisories affecting nanomq. AI-powered Chinese analysis, POCs, and references for each vulnerability.

NanoMQ is an ultra-lightweight MQTT broker designed for IoT and edge computing environments, handling high-volume message routing with minimal resource consumption. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from improper input validation and authentication flaws. While no major public security incidents have been widely documented, the 11 recorded CVEs highlight ongoing concerns around buffer overflows and insecure default configurations. Its lightweight architecture introduces unique attack surfaces, particularly in constrained environments where security updates may be delayed. Organizations should implement strict network segmentation and regular patching to mitigate risks associated with its historically vulnerable components.

Medium · CVE-2025-32135 · 2026-04-21
Heap Buffer Overflow in URI Parameter Parsing · Advisory · nanomq/nanomq · GitHub

High · 2026-04-21
Heap-buffer-overflow in HTTP get_file path decoding causes NanoMQ crash on port 8081 · Issue #2247 · nanomq/nanomq

Unknown · 2026-04-21
* FIX [rest_api] fix #2247 · nanomq/nanomq@69a97b3 · GitHub

High · CVE-2024-43616 · 2026-04-03
* FIX [webhook_inproc] Get msg length before JSON Parse in hook_work_cb · nanomq/nanomq@9499a4b · GitHub

High · CVE-2023-38324 · 2026-04-03
Release NanoMQ 0.24.10 · nanomq/nanomq · GitHub

Medium · 2026-04-03
Heap-Buffer-Overflow in webhook_inproc.c via cJSON_Parse OOB Read · Advisory · nanomq/nanomq · GitHub

High · 2026-04-02
* FIX [auth] Fix crash in HTTP auth when using %u/%P with anonymous connections by RanMaoyi · Pull Request #1394 · nanom

High · 2026-04-02
* MDF [broker_tls] move log around · nanomq/NanoNNG@e80b30b · GitHub

High · CVE-2025-59947 · 2026-04-02
Release NanoMQ 0.24.7 · nanomq/nanomq · GitHub

Medium · CVE-2025-25627 · 2026-04-02
OOB Read / Crash (DoS) via Malformed MQTT Remaining Length over WebSocket · Advisory · nanomq/nanomq · GitHub

Low · CVE-2025-32046 · 2026-04-02
NanoMQ v0.24.6 HTTP Auth: Missing username/password can trigger a NULL-pointer strlen() in auth_http.c:set_data(), causi

Medium · 2026-02-05
NanoMQ $share/ Subscription Validation and Forwarding Parsing Inconsistency: NULL Pointer Increment Causes Crash · Advis

High · CVE-2024-42655 · 2025-07-31
bug_report/MQTT/NanoMQ/CVE-2024-42655.md at master · songxpu/bug_report · GitHub

Medium · CVE-2024-42649 · 2025-07-15
bug_report/MQTT/NanoMQ/CVE-2024-42649.md at master · songxpu/bug_report · GitHub

This page lists every published CVE security advisory associated with nanomq. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.