CVE-2026-45151
Deferred Deferred - Pending Action
QUIC Stream Null Pointer Dereference in NanoMQ

Publication date: 2026-05-29

Last updated on: 2026-06-01

Assigner: GitHub, Inc.

Description
NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In 0.24.8 and earlier, quic_stream_recv can dereference a null substream pointer when a substream is in reopen state. The code finishes the AIO with error but does not return before locking c->mtx.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-29
Last Modified
2026-06-01
Generated
2026-06-19
AI Q&A
2026-05-29
EPSS Evaluated
2026-06-18
NVD
CVE-2026-45151
EUVD
EUVD-2026-33429
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
nanomq nanomq to 0.24.8 (exc)
nanomq nanomq to 0.24.8 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-45151 is a NULL pointer dereference vulnerability in the NanoMQ MQTT Broker project. It occurs in the function quic_stream_recv when handling a substream that is in a reopen state. Specifically, the code attempts to dereference a null substream pointer without properly returning after an error is detected, which leads to a crash.

This happens when the substream ID (strmid) is non-zero but the corresponding substream pointer is NULL, causing the program to access invalid memory.

The vulnerability is classified under CWE-476 (NULL Pointer Dereference) and affects NanoMQ versions up to and including 0.24.8.

Impact Analysis

This vulnerability can be remotely triggered to cause a denial-of-service (DoS) condition by crashing the NanoMQ broker.

The impact is considered low severity, but it can disrupt service availability by causing the broker to crash unexpectedly.

Detection Guidance

This vulnerability can be detected by monitoring for crashes or denial-of-service conditions in the NanoMQ MQTT Broker, specifically related to the QUIC multistream receive/reopen path.

A proof-of-concept (PoC) exists that triggers the crash under AddressSanitizer (ASAN), which can be used to test if the system is vulnerable.

Since the issue occurs in the function `quic_stream_recv` when a null substream pointer is dereferenced, running NanoMQ under debugging or sanitizing tools like ASAN can help detect the problem.

No specific network commands or detection signatures are provided in the available information.

Mitigation Strategies

As of the disclosure date, no patched versions of NanoMQ are available to fix this vulnerability.

Immediate mitigation steps include monitoring the NanoMQ service for crashes and denial-of-service symptoms caused by this NULL pointer dereference.

Consider limiting or filtering incoming QUIC traffic that could trigger the vulnerability to reduce exposure.

Plan to update NanoMQ to a patched version once it becomes available.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-45151. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart