CVE-2026-25627
Received Received - Intake
Out-of-Bounds Read in NanoMQ MQTT-over-WebSocket Causes Crash

Publication date: 2026-03-30

Last updated on: 2026-04-02

Assigner: GitHub, Inc.

Description
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to version 0.24.8, NanoMQ’s MQTT-over-WebSocket transport can be crashed by sending an MQTT packet with a deliberately large Remaining Length in the fixed header while providing a much shorter actual payload. The code path copies Remaining Length bytes without verifying that the current receive buffer contains that many bytes, resulting in an out-of-bounds read (ASAN reports OOB / crash). This is remotely triggerable over the WebSocket listener. This issue has been patched in version 0.24.8.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-30
Last Modified
2026-04-02
Generated
2026-06-16
AI Q&A
2026-03-31
EPSS Evaluated
2026-06-15
NVD
CVE-2026-25627
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
emqx nanomq to 0.24.8 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in the NanoMQ MQTT Broker's MQTT-over-WebSocket transport prior to version 0.24.8. It occurs when an MQTT packet is sent with a deliberately large Remaining Length value in the fixed header, but the actual payload is much shorter. The software attempts to copy the number of bytes specified by the Remaining Length without verifying that the receive buffer contains that many bytes, leading to an out-of-bounds read and causing the broker to crash.

Impact Analysis

An attacker can remotely trigger this vulnerability over the WebSocket listener, causing the NanoMQ broker to crash. This results in a denial of service (DoS) condition, disrupting the messaging platform's availability and potentially impacting any systems or applications relying on it for edge messaging.

Mitigation Strategies

The vulnerability has been patched in NanoMQ version 0.24.8. The immediate step to mitigate this vulnerability is to upgrade your NanoMQ MQTT Broker to version 0.24.8 or later.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-25627. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart