CVE-2026-25627
Out-of-Bounds Read in NanoMQ MQTT-over-WebSocket Causes Crash
Publication date: 2026-03-30
Last updated on: 2026-04-02
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| emqx | nanomq | up to 0.24.8 (0.24.8 excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the NanoMQ MQTT Broker's MQTT-over-WebSocket transport prior to version 0.24.8. It occurs when an MQTT packet is sent with a deliberately large Remaining Length value in the fixed header, but the actual payload is much shorter. The software attempts to copy the number of bytes specified by the Remaining Length without verifying that the receive buffer contains that many bytes, leading to an out-of-bounds read and causing the broker to crash.
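The defect described above is a missing comparison between the Remaining Length decoded from the MQTT fixed header and the number of bytes actually sitting in the receive buffer. The following C snippet is an added illustration written for this page; it is not NanoMQ's code and does not reproduce its WebSocket transport. All names (`mqtt_parse_packet`, `mqtt_copy_body`, the `SAMPLE_*` frames) are hypothetical, and the sample frames are constructed for the example: a well-formed PUBLISH, a frame that declares 200 bytes but carries only 3, an over-long length encoding, and a truncated length encoding. The parser decodes the variable-byte Remaining Length per the MQTT encoding (7 data bits per byte, 0x80 continuation, at most 4 bytes) and refuses to expose or copy a body that is not fully present.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Result of parsing one MQTT control packet out of a receive buffer. */
enum mqtt_parse_status {
    MQTT_OK = 0,          /* full packet present; view filled in */
    MQTT_INCOMPLETE = 1,  /* declared length exceeds received bytes: wait for more or reject */
    MQTT_MALFORMED = 2    /* Remaining Length encoding violates the spec */
};

struct mqtt_packet_view {
    uint8_t type_flags;      /* first byte of the fixed header */
    size_t header_len;       /* 1 + number of Remaining Length bytes */
    uint32_t remaining_len;  /* decoded Remaining Length */
    const uint8_t *body;     /* points into buf; body + remaining_len <= buf + buf_len */
};

/* Decode the MQTT variable-byte integer (1..4 bytes, low 7 bits data, 0x80 = continue). */
static enum mqtt_parse_status decode_remaining_length(const uint8_t *buf, size_t buf_len,
                                                      size_t *consumed, uint32_t *value)
{
    uint32_t multiplier = 1, v = 0;
    size_t i = 0;
    for (;;) {
        if (i >= buf_len) return MQTT_INCOMPLETE; /* length bytes not all received yet */
        if (i >= 4) return MQTT_MALFORMED;        /* spec caps the encoding at 4 bytes */
        uint8_t b = buf[i++];
        v += (uint32_t)(b & 0x7F) * multiplier;
        if ((b & 0x80) == 0) break;
        multiplier *= 128;
    }
    *consumed = i;
    *value = v;
    return MQTT_OK;
}

/* Parse the fixed header and verify the declared body is actually in buf before exposing it. */
enum mqtt_parse_status mqtt_parse_packet(const uint8_t *buf, size_t buf_len,
                                         struct mqtt_packet_view *out)
{
    if (buf_len < 2) return MQTT_INCOMPLETE;
    size_t rl_bytes = 0;
    uint32_t rl = 0;
    enum mqtt_parse_status st = decode_remaining_length(buf + 1, buf_len - 1, &rl_bytes, &rl);
    if (st != MQTT_OK) return st;
    size_t header_len = 1 + rl_bytes;
    /* The check whose absence causes an out-of-bounds read: declared length must fit. */
    if (rl > buf_len - header_len) return MQTT_INCOMPLETE;
    out->type_flags = buf[0];
    out->header_len = header_len;
    out->remaining_len = rl;
    out->body = buf + header_len;
    return MQTT_OK;
}

/* Status-only wrapper for callers that just want to classify a buffer. */
enum mqtt_parse_status mqtt_status_of(const uint8_t *buf, size_t buf_len)
{
    struct mqtt_packet_view pv;
    return mqtt_parse_packet(buf, buf_len, &pv);
}

/* Copy the body only after the bounds check passed; returns bytes copied, 0 on any failure. */
size_t mqtt_copy_body(const uint8_t *buf, size_t buf_len, uint8_t *dst, size_t dst_len)
{
    struct mqtt_packet_view pv;
    if (mqtt_parse_packet(buf, buf_len, &pv) != MQTT_OK) return 0;
    if (pv.remaining_len > dst_len) return 0;
    memcpy(dst, pv.body, pv.remaining_len);
    return pv.remaining_len;
}

/* Constructed sample frames (not captured traffic). */
static const uint8_t SAMPLE_OK[]        = {0x30, 0x05, 'a', 'b', 'c', 'd', 'e'}; /* RL=5, 5 bytes present */
static const uint8_t SAMPLE_OVERSIZED[] = {0x30, 0xC8, 0x01, 'a', 'b', 'c'};      /* RL=200, 3 bytes present */
static const uint8_t SAMPLE_TOO_LONG[]  = {0x30, 0x80, 0x80, 0x80, 0x80, 0x80, 0x00}; /* 5 length bytes */
static const uint8_t SAMPLE_TRUNCATED[] = {0x30, 0x80};                           /* length encoding cut off */

int main(void)
{
    uint8_t out[64];
    printf("ok frame status=%d copied=%zu\n", mqtt_status_of(SAMPLE_OK, sizeof SAMPLE_OK),
           mqtt_copy_body(SAMPLE_OK, sizeof SAMPLE_OK, out, sizeof out));
    printf("oversized frame status=%d copied=%zu\n",
           mqtt_status_of(SAMPLE_OVERSIZED, sizeof SAMPLE_OVERSIZED),
           mqtt_copy_body(SAMPLE_OVERSIZED, sizeof SAMPLE_OVERSIZED, out, sizeof out));
    printf("too-long encoding status=%d\n", mqtt_status_of(SAMPLE_TOO_LONG, sizeof SAMPLE_TOO_LONG));
    printf("truncated encoding status=%d\n", mqtt_status_of(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED));
    return 0;
}
```

The distinction between `MQTT_INCOMPLETE` and `MQTT_MALFORMED` matters for a broker: the first is normal on a stream transport (the rest of the packet may arrive in the next WebSocket frame) and should be handled by buffering with an upper bound, while the second is a protocol violation that warrants closing the connection. Either way the copy never runs until the whole declared body is in hand.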
How can this vulnerability impact me?
An attacker can remotely trigger this vulnerability over the WebSocket listener, causing the NanoMQ broker to crash. This results in a denial of service (DoS) condition, disrupting the messaging platform's availability and potentially impacting any systems or applications relying on it for edge messaging.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability has been patched in NanoMQ version 0.24.8. The immediate step to mitigate this vulnerability is to upgrade your NanoMQ MQTT Broker to version 0.24.8 or later.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.