CVE-2026-44640
Deferred Deferred - Pending Action
Type Confusion in NanoMQ MQTT Broker Leading to Crash

Publication date: 2026-05-29

Last updated on: 2026-05-29

Assigner: GitHub, Inc.

Description
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to 0.24.14, aio->prov_data is stored as nni_quic_conn* during dialing, but read as ex_quic_conn* during dialer close. This type confusion causes invalid object interpretation and leads to close-path hang/crash behavior. This vulnerability is fixed in 0.24.14.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-29
Last Modified
2026-05-29
Generated
2026-06-19
AI Q&A
2026-05-29
EPSS Evaluated
2026-06-18
NVD
CVE-2026-44640
EUVD
EUVD-2026-33428
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
nanomq nanomq to 0.24.14 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-843 The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-44640 is a type confusion vulnerability in the NanoMQ MQTT Broker, specifically affecting the QUIC dialer close functionality in versions 0.24.x and earlier.

The issue arises because a QUIC connection pointer (nni_quic_conn*) is stored during the dialing process but is incorrectly interpreted as a different pointer type (ex_quic_conn*) during the dialer close operation.

This mismatch causes invalid memory access, which leads to the application hanging or crashing when a dialer is closed while a pending asynchronous I/O operation is still active.

Impact Analysis

An attacker with local access can exploit this vulnerability to cause a denial of service by forcing the NanoMQ process to hang or crash.

The attack requires high complexity and does not need special privileges or user interaction.

The impact on confidentiality, integrity, and availability is limited, with a moderate severity rating (CVSS score 4.5).

Detection Guidance

This vulnerability can be detected by observing hangs or crashes in the NanoMQ broker when a QUIC dialer is closed while an asynchronous I/O operation is still pending. Specifically, detection involves monitoring for close-path hangs or crashes triggered by type confusion in the QUIC dialer close functionality.

A proof-of-concept demonstrates the issue by dialing a QUIC connection and then closing the dialer prematurely, which causes the application to hang. Detection can be done by reproducing this behavior in a controlled environment.

While no specific commands are provided in the resources, you can monitor NanoMQ logs for crashes or hangs related to QUIC dialer close operations and use fuzzing tools to trigger the vulnerability by dialing and closing QUIC connections rapidly.

Mitigation Strategies

The immediate mitigation step is to upgrade NanoMQ to version 0.24.14 or later, as this version includes a fix for the type confusion vulnerability in the QUIC dialer close functionality.

If upgrading is not immediately possible, avoid closing QUIC dialers while asynchronous I/O operations are still pending to reduce the risk of triggering the vulnerability.

Additionally, monitor the system for hangs or crashes related to QUIC dialer operations and apply any available patches or workarounds provided by the NanoMQ project.

Compliance Impact

The vulnerability in NanoMQ (CVE-2026-44640) is a type confusion issue that can cause the application to hang or crash, leading to a denial of service. It has a moderate severity with limited impact on confidentiality, integrity, and availability.

There is no specific information provided about how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-44640. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart