VYPR
Unrated severityNVD Advisory· Published Mar 11, 2026· Updated Mar 11, 2026

MQTT v5 Variable Byte Integer parsing out-of-bounds: get_var_integer()

CVE-2026-21888

Description

NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. MQTT v5 Variable Byte Integer parsing out-of-bounds: get_var_integer() accepts 5-byte varints without bounds checks; reliably triggers OOB read / crash when built with ASan. This affects 0.24.6 and earlier.

Affected products

2
  • Emqx/Nanomqllm-fuzzy2 versions
    <=0.24.6+ 1 more
    • (no CPE)range: <=0.24.6
    • (no CPE)range: <= 0.24.6

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.