CVE-2026-45151
QUIC Stream Null Pointer Dereference in NanoMQ
Publication date: 2026-05-29
Last updated on: 2026-05-29
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| nanomq | nanomq | to 0.24.8 (exc) |
| nanomq | nanomq | to 0.24.8 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-45151 is a NULL pointer dereference vulnerability in the NanoMQ MQTT Broker project. It occurs in the function quic_stream_recv when handling a substream that is in a reopen state. Specifically, the code attempts to dereference a null substream pointer without properly returning after an error is detected, which leads to a crash.
This happens when the substream ID (strmid) is non-zero but the corresponding substream pointer is NULL, causing the program to access invalid memory.
The vulnerability is classified under CWE-476 (NULL Pointer Dereference) and affects NanoMQ versions up to and including 0.24.8.
How can this vulnerability impact me? :
This vulnerability can be remotely triggered to cause a denial-of-service (DoS) condition by crashing the NanoMQ broker.
The impact is considered low severity, but it can disrupt service availability by causing the broker to crash unexpectedly.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for crashes or denial-of-service conditions in the NanoMQ MQTT Broker, specifically related to the QUIC multistream receive/reopen path.
A proof-of-concept (PoC) exists that triggers the crash under AddressSanitizer (ASAN), which can be used to test if the system is vulnerable.
Since the issue occurs in the function `quic_stream_recv` when a null substream pointer is dereferenced, running NanoMQ under debugging or sanitizing tools like ASAN can help detect the problem.
No specific network commands or detection signatures are provided in the available information.
What immediate steps should I take to mitigate this vulnerability?
As of the disclosure date, no patched versions of NanoMQ are available to fix this vulnerability.
Immediate mitigation steps include monitoring the NanoMQ service for crashes and denial-of-service symptoms caused by this NULL pointer dereference.
Consider limiting or filtering incoming QUIC traffic that could trigger the vulnerability to reduce exposure.
Plan to update NanoMQ to a patched version once it becomes available.