CVE-2026-32135 - Vulnerability Analysis
High | CVSS: 7.5 | Last Updated: April 22, 2026
NanoMQ MQTT Broker - Buffer Overflow
Published: April 20, 2026 | Updated: April 22, 2026 | PoC Available | Remote Exploitable
Overview
NanoMQ MQTT Broker versions before 0.24.11 contain a heap buffer overflow caused by an off-by-one error in the uri_param_parse function of the REST API, which lets remote attackers trigger memory corruption via crafted HTTP requests.
Severity & Score
Severity: High
CVSS Score: 7.5
Impact
Remote attackers can cause memory corruption, potentially leading to denial of service or code execution.
Mitigation
Upgrade to version 0.24.11 or later.
Details
- CVE ID: CVE-2026-32135
- Severity: High
- CVSS Score: 7.5
- Type: buffer_overflow
- Status: confirmed
CWE
- CWE-122
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H